CVE-2023-3836 PoC — Dahua Smart Parking Management 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-3836.yaml

Associated Vulnerability

Title:Dahua Smart Parking Management 代码问题漏洞 (CVE-2023-3836)
Description:Dahua Smart Parking Management是中国大华（Dahua）公司的一个停车解决方案。 Dahua Smart Parking Management 20230713之前版本存在代码问题漏洞，该漏洞源于文件/emap/devicePoint_addImgIco?hasSubsystem=true 中存在未知代码，通过参数upload导致不受限制的上传。

Description

Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.

File Snapshot


 id: CVE-2023-3836

info:
  name: Dahua Smart Park Management - Arbitrary File Upload
  author: HuTa0

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!