Exploit Axis M10 Series Network Cameras - Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
36428
Проверка EDB
  1. Пройдено
Автор
MATT METZGER
Тип уязвимости
REMOTE
Платформа
HARDWARE
CVE
cve-2011-5261
Дата публикации
2011-12-07
Axis M10 Series Network Cameras - Cross-Site Scripting
Код:
source: https://www.securityfocus.com/bid/50968/info

Axis M10 Series Network Cameras are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Axis M1054 firmware 5.21 is vulnerable; other version may also be affected. 

http://www.example.com/admin/showReport.shtml?content=serverreport.cgi&pageTitle=%3C%2Ftitle%3E%3Cscript%3Ealert(String.fromCharCode(88%2C83%2C83))%3B%3C%2Fscript%3E%3Ctitle%3E
 
Источник
www.exploit-db.com

Похожие темы