Hi there,
The 2100 *also* has that feature. In our paper, we abused that feature
to steal the 'passwd' file through an XSS vuln which makes a request to
'/admin-bin/editcgi.cgi?file=/etc/passwd'. Haven't tested your vector,
but I don't see why it wouldn't work.
It'd be cool to put a list of vectors that can be used to replace the
original video stream. Any volunteers? :-)
Brooks, Shane wrote:
> XSS, CSRF - You don't even have to be that fancy, at least on the 2130 we're running. Maybe it's simply that Earth Cam got a hold of it and added their own interface on top of the default Axis one... But they were nice enough to give us a webpage where we can edit any file on the camera and submit back your changes:
>
> http://ip.of.webcam/admin-bin/editcgi.cgi
>
> -----Original Message-----
> From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On Behalf Of Adrian P.
> Sent: Thursday, September 27, 2007 4:23 PM
> To: webappsec_at_securityfocus.com
> Subject: Owning Big Brother: How to Crack into Axis IP cameras
>
> We found multiple vulnerabilities on Axis 2100 IP cameras affecting both
> old firmware versions and the latest firmware (2.43).
>
> The research is made of two components: a purple paper and a video. The
> research doesn't just cover boring PoCs, but actual Hollywood-style
> exploits :-) . Yes, this includes the classic attack in which the
> legitimate video stream gets replaced by another stream that keeps
> looping forever!
>
> Why am I posting this to the webappsec mail list? Because the exploits
> covered attack the web interface of these IP cameras.
>
> More info can be found on:
>
> http://www.procheckup.com/Vulnerability_2007.php
>
> Regards,
> AP.
>
Received on Oct 02 2007
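
A defender-side check for the request described in this thread, as an added example that is not part of the original messages: it scans web access logs for hits on `/admin-bin/editcgi.cgi`, normalises the `file` parameter, and notes when the request was triggered from another site (the XSS/CSRF case). It assumes Combined Log Format from a proxy in front of the camera; the hostname `cam.example.internal`, the function name and the sample lines are constructed.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Combined Log Format written by a reverse proxy in front of the camera.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
EDIT_CGI = "/admin-bin/editcgi.cgi"    # path quoted in the thread
CAMERA_HOST = "cam.example.internal"   # hypothetical hostname of the camera

def classify(line):
    """Return None for unrelated lines, else a dict describing the editor request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode the path so a percent-encoded spelling of the CGI name still matches.
    if unquote(url.path).lower() != EDIT_CGI:
        return None
    reasons = ["file editor requested"]
    # parse_qs percent-decodes values; collapse "//" and ".." before comparing.
    for raw in parse_qs(url.query).get("file", []):
        path = posixpath.normpath("/" + raw.lstrip("/"))
        if path.startswith("/etc/"):
            reasons.append("system file: " + path)
    # A Referer on another host means a third-party page caused the request.
    ref_host = urlsplit(m["referer"]).hostname
    if ref_host and ref_host != CAMERA_HOST:
        reasons.append("cross-site referer: " + ref_host)
    return {"src": m["src"], "status": int(m["status"]), "reasons": reasons}

# Constructed sample log lines (not taken from any real device).
SAMPLE = [
    '192.0.2.10 - admin [02/Oct/2007:10:00:01 +0000] "GET /view/index.shtml '
    'HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - admin [02/Oct/2007:10:00:05 +0000] "GET /admin-bin/editcgi.cgi'
    '?file=/etc/passwd HTTP/1.1" 200 734 "http://blog.example.net/post" "Mozilla/5.0"',
    '192.0.2.10 - admin [02/Oct/2007:10:02:00 +0000] "GET /admin-bin/%65ditcgi.cgi'
    '?file=%2Fetc%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 734 '
    '"http://cam.example.internal/admin" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        hit = classify(entry)
        if hit:
            print(hit["src"], hit["status"], "; ".join(hit["reasons"]))
```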