[nuclei-template] CNVD-2017-06001 Dahua DSS SQL injection #9423
Labels
Done
Ready to merge
good first issue
Good for newcomers
nuclei-template
Nuclei template contribution
Template Information:
Dahua DSS Digital Surveillance System is a security video monitoring system developed by Dahua.
A SQL injection vulnerability exists within Dahua DSS. Attackers can send specially crafted data packets to the
attachment_clearTempFile.action
orattachment_getAttList.action
route, exploiting error-based injection to acquire sensitive information from the database. Beyond obtaining information from the database such as administrator credentials and personal information of users on the site, attackers could potentially write trojans to the server with sufficient privileges and further gain system-level access.Relevant vulnerability ID: CNVD-2017-06001
Nuclei Template:
valid match response snippet:
The text was updated successfully, but these errors were encountered: