command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
Python 100.00%
cve-2021-36260's Introduction
Hello World! Hello Github!Hi 你好!
I'm Aiminsun,from China🇨🇳
🔭 security researcher
🤔 good at IOT, reverse, binary, Web, programming, code audit, Security research and vulnerability mining
📷 My hobbies Playing guitar Singing Writing code Taking pictures
i tried modify the code a bit but i got many error when i tried to read rhosts from diffrent file, is it possible to add check multi IP's instead of 1 from txt file.
Hi!
I wanted to test the devices in my network and via --check it says one of them is vulnerable.
I can execute commands with --cmd, but --shell won´t work, always gets me a connection refused.
Should not be a network problem on my end. Is it because ssh is turned of in the GUI?
Because if I try the --cmd option with dropbear, it doesnt seem to do anything and the port stays closed?
Cheers!