Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Owning Big Brother: How to Crack into Axis IP cameras

from [research] Network Security [Permanent Link]
Subject: Owning Big Brother: How to Crack into Axis IP cameras
Date: 28 Sep 2007 11:21:53 -0000 
The research is made of two components: a purple paper and a video. The 
research doesn't just cover boring PoCs, but actual Hollywood-style exploits 
:-) . Yes, this includes the classic attack in which the legitimate video 
stream gets replaced by another stream that keeps looping forever!

In the paper we only cover new vulnerabilities affecting older _and_ the latest 
firmware. The most eye-catching ones are perhaps the following issues affecting 
the latest version of the firmware (2.43): 

  System-wide Cross-site Request Forgeries (CSRF) ? any admin action can be 
forged by design!
  Non-persistent Cross-site Scripting (XSS) on 404 error pages
  Persistent cross-site Scripting (XSS) on the network settings page
  Persistent cross-site Scripting (XSS) on the video viewing page
  Persistent cross-site Scripting (XSS) on the logs viewing facility

For more info please see: http://www.procheckup.com/Vulnerability_2007.php
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Owning Big Brother: How to Crack into Axis IP cameras, research <=
Previous by Date:  Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11, gmdarkfig
Next by Date:  feedreader3 has XSS vulnerability, Guy Mizrahi
Previous by Thread:  [ MDKSA-2007:190 ] - Updated kdebase packages fix KDM vulnerability, security
Next by Thread:  feedreader3 has XSS vulnerability, Guy Mizrahi
Indexes:  [Date] [Thread] [Top] [All Lists]