Dahua DSS Digital Surveillance System is a security video monitoring system developed by Dahua.
A SQL injection vulnerability exists within Dahua DSS. Attackers can send specially crafted data packets to the attachment_clearTempFile.action or attachment_getAttList.action route, exploiting error-based injection to acquire sensitive information from the database. Beyond obtaining information from the database such as administrator credentials and personal information of users on the site, attackers could potentially write trojans to the server with sufficient privileges and further gain system-level access.
org.springframework.jdbc.UncategorizedSQLException: PreparedStatementCallback; uncategorized SQLException for SQL [select * from C_ATTACHMENT t where 1=1 and t.tab_Name=? and t.rec_Id in('1') AND EXTRACTVALUE(32776,CONCAT(0x5c,(SELECT (ELT(32776=32776,909836))),0x5c)) AND ('6jQ6F'='6jQ6F') and t.tmp_flag = ?]; SQL state [HY000]; error code [1105]; XPATH syntax error: '\909836\'; nested exception is java.sql.SQLException: XPATH syntax error: '\909836\'
Template Information:
Relevant vulnerability ID: CNVD-2017-06001
Nuclei Template:
valid match response snippet:
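A defender-side check for the exception quoted in this issue, as an added example that is not part of the original report or of any project's code: it scans application log lines for Spring JDBC errors on the `C_ATTACHMENT` query and flags those where the `rec_Id` list carries SQL beyond quoted ids or where an XPATH error was echoed back. The regexes, function names and the second log line are assumptions constructed for illustration.

```python
import re

# Spring's UncategorizedSQLException message embeds the failed statement as "SQL [...]".
SQL_TEXT = re.compile(r"for SQL \[(?P<sql>.*?)\]; SQL state", re.S)
# Text that reached the database between "rec_Id in(" and the tmp_flag filter.
REC_ID_LIST = re.compile(r"t\.rec_Id\s+in\s*\((?P<ids>.*)\)\s*and\s+t\.tmp_flag", re.I | re.S)
# A benign list holds only comma-separated quoted ids, e.g. '1','22'.
BENIGN_IDS = re.compile(r"\s*'[\w-]*'(\s*,\s*'[\w-]*')*\s*")
# MySQL XML functions whose error text can carry query results.
ERROR_FUNCS = re.compile(r"\b(?:EXTRACTVALUE|UPDATEXML)\s*\(", re.I)
XPATH_ERROR = re.compile(r"XPATH syntax error: '(?P<echo>[^']*)'")


def inspect_line(line):
    """Return a finding dict for a suspicious log line, or None if it looks benign."""
    m = SQL_TEXT.search(line)
    if not m or "C_ATTACHMENT" not in m.group("sql"):
        return None
    sql, reasons = m.group("sql"), []
    ids = REC_ID_LIST.search(sql)
    if ids and not BENIGN_IDS.fullmatch(ids.group("ids")):
        reasons.append("rec_Id list contains SQL beyond quoted ids")
    if ERROR_FUNCS.search(sql):
        reasons.append("XML error function in statement")
    echo = XPATH_ERROR.search(line)
    if echo:
        reasons.append("XPATH error echoed to caller")
    if not reasons:
        return None
    return {"reasons": reasons, "echoed": echo.group("echo") if echo else None}


def scan(lines):
    """Return (line_number, finding) for every flagged line."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := inspect_line(line))]


# Constructed sample log: entry 1 is the exception quoted in the issue, entry 2 is made up.
SAMPLE_LOG = [
    r"org.springframework.jdbc.UncategorizedSQLException: PreparedStatementCallback; "
    r"uncategorized SQLException for SQL [select * from C_ATTACHMENT t where 1=1 and "
    r"t.tab_Name=? and t.rec_Id in('1') AND EXTRACTVALUE(32776,CONCAT(0x5c,(SELECT "
    r"(ELT(32776=32776,909836))),0x5c)) AND ('6jQ6F'='6jQ6F') and t.tmp_flag = ?]; "
    r"SQL state [HY000]; error code [1105]; XPATH syntax error: '\909836\'; nested "
    r"exception is java.sql.SQLException: XPATH syntax error: '\909836\'",
    "org.springframework.jdbc.UncategorizedSQLException: PreparedStatementCallback; uncategorized "
    "SQLException for SQL [select * from C_ATTACHMENT t where 1=1 and t.tab_Name=? and t.rec_Id "
    "in('1','22') and t.tmp_flag = ?]; SQL state [HY000]; error code [1205]; Lock wait timeout exceeded",
]
```

The statement text in the trace shows why the check keys on `rec_Id`: `tab_Name` and `tmp_flag` are bound as `?` placeholders, while the `rec_Id` list appears inline in the SQL, so binding each id as its own placeholder is the corresponding fix.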