
Owning Big Brother: How to Crack into Axis IP cameras

From: <research(at)procheckup.com>
Date: Fri Sep 28 2007 - 07:21:53 EDT


The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) . Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!

In the paper we only cover new vulnerabilities affecting older _and_ the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43):

  System-wide Cross-site Request Forgeries (CSRF) – any admin action can be forged by design!
  Non-persistent Cross-site Scripting (XSS) on 404 error pages
  Persistent cross-site Scripting (XSS) on the network settings page
  Persistent cross-site Scripting (XSS) on the video viewing page
  Persistent cross-site Scripting (XSS) on the logs viewing facility

For more info please see: http://www.procheckup.com/Vulnerability_2007.php

Received on Fri Sep 28 12:11:52 2007

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:18:29 EDT

