Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Abus Security Cams 0101a Cross Site Scripting

🗓️ 30 Sep 2016 00:00:00Reported by Tim SchughartType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 35 Views

Abus Security Cams 0101a FTP Cross Site Scripting Vulnerabilit

Code
`Product: Abus Security Cams   
Vendor:Abus Group   
  
Internal reference: -   
Vulnerability type: Cross Site Scripting   
Vulnerable version: 0101a and possible other versions affected (not tested)  
Vulnerable component: FTP  
Report confidence: Confirmed  
Solution status: Not fixed by Vendor, will not patch the vuln.   
Fixed versions: -  
Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks  
Vendor notification: 2016-09-21  
Solution date:   
Public disclosure: 2016-09-29  
CVE reference:   
CVSSv3: 8.0 AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  
  
Vulnerability Details:  
The entered username via FTP login is reflected to the log which is rendered in the web interface without input validation. This results in an successfull, persistent, XSS.  
  
Risk:  
Through this you are able to get e.g. the session cookies of the cams administrator. So you are able to get full access - persistent.   
  
PoC:   
FTP Username: <script>alert(document.cookie)</script>   
FTP Pass: any   
  
Browse to log and watch the popup :)   
  
  
Best regards / Mit freundlichen GrA1/4Aen   
  
Tim Schughart   
CEO / GeschA$?ftsfA1/4hrer   
  
--  
ProSec Networks e.K.  
Ellingshohl 82  
56076 Koblenz   
  
Website: https://www.prosec-networks.com   
E-Mail: [email protected]   
Mobile: +49 (0)157 7901 5826  
Phone: +49 (0)261 450 930 90  
  
"This E-Mail communication may contain CONFIDENTIAL, PRIVILEGED and/or LEGALLY PROTECTED information and is intended only for the named recipient(s). Any unauthorized use, dissemination, copying or forwarding is strictly prohibited. If you are not the intended recipient and have received this email communication in error, please notify the sender immediately, delete it and destroy all copies of this E-Mail. VAT ID: DE290654714 legal domicile Koblenz, HRA 21621.a  
  
"Diese E-Mail Mitteilung kann VERTRAULICHE, dem BERUFSGEHEIMNIS UNTERLIEGENDE und/oder RECHTLICH GESCHATZTE Informationen enthalten und ist ausschlieAlich fA1/4r den/die genannten Adressaten bestimmt. Jede unbefugte Nutzung, Weitergabe, VervielfA$?ltigung oder Versendung ist strengstens verboten. Sollten Sie nicht der angegebene Adressat sein und diese E-Mail Mitteilung irrtA1/4mlich erhalten haben, informieren Sie bitte sofort den Absender, lAPschen diese E-Mail und vernichten alle Kopien. USt-IdNr.: DE290654714, Amtsgericht Koblenz, HRA 21621."  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Sep 2016 00:00Current
7.4High risk
Vulners AI Score7.4
abus security camscross site scriptingftpprosec networkspersistent accessvulnerabilitytim schughartkhanh quoc pham
35