Mobotix IP Network Camera eventplayer get_image_info_abspath Variable XSS

2006-05-17T09:47:34
ID OSVDB:25623
Type osvdb
Reporter Jaime Blasco(jaime.blasco@eazel.es)
Modified 2006-05-17T09:47:34

Description

Vulnerability Description

Mobotix IP Network Camera contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'get_image_info_abspath' variable upon submission to the eventplayer script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version V2.2.3.18 (for camera models M10/D10) or V3.0.3.31 (for camera model M22) or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mobotix IP Network Camera contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'get_image_info_abspath' variable upon submission to the eventplayer script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert('hi')%3E

References:

Vendor URL: http://www.mobotix.com/ Security Tracker: 1016128 Secunia Advisory ID:20151 Related OSVDB ID: 25621 Related OSVDB ID: 25622 Other Advisory URL: http://www.eazel.es/media/advisory001.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0337.html Mail List Post: http://attrition.org/pipermail/vim/2006-August/000980.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0422.html ISS X-Force ID: 26538 FrSIRT Advisory: ADV-2006-1857 CVE-2006-2490 Bugtraq ID: 18022