Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-12413

Publish Date: 04 Aug 2017

Source

                							

                i&gt;&gt;?[+] Title: Axis 2100 Network Camera 2.43 - Reflected XSS
[+] Credits / Discovery: Nassim Asrir
[+] Author Contact: wassline@gmail.com 
[+] Author Company: Henceforth
[+] CVE: CVE-2017-12413
 
Vendor:
===============
 
https://www.axis.com/
  
  
Vulnerability Type:
===================
 
Reflected Cross Site Scripting.
 
 
issue:
===================
 
The value of the URL path filename is copied into the HTML document as plain text between tags.
The payload b8b8w&lt;script&gt;alert(1)&lt;/script&gt;rw1wz was submitted in the URL path filename. 
This input was echoed unmodified in the application's response.  This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.  


POC:
===================

http://target/admin/admin.shtmlb8b8w%3cscript%3ealert(1)%3c/script%3erw1wz
  
Tested on:
=============== 
 
Windows 7 (64 Bit)
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Axis 2100 Network Camera 2.43 Cross Site Scripting

Vulmon Search

About

Products

Connect