Owning Big Brother: How to Crack into Axis IP cameras

Type securityvulns
Reporter Securityvulns
Modified 2007-10-01T00:00:00


The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) . Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!

In the paper we only cover new vulnerabilities affecting older and the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43):

System-wide Cross-site Request Forgeries (CSRF) – any admin action can be forged by design! Non-persistent Cross-site Scripting (XSS) on 404 error pages Persistent cross-site Scripting (XSS) on the network settings page Persistent cross-site Scripting (XSS) on the video viewing page Persistent cross-site Scripting (XSS) on the logs viewing facility

For more info please see: http://www.procheckup.com/Vulnerability_2007.php