WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Owning Big Brother: How to Crack into Axis IP cameras

From: "Adrian P." <adrian.pastor () procheckup com>
Date: Fri, 28 Sep 2007 12:58:10 +0100
Hi there,
The 2100, *also* has that feature. In our paper, we abused that feature to steal the 'passwd' file through a XSS vuln which makes a request to '/admin-bin/editcgi.cgi?file=/etc/passwd'. Haven't tested your vector, but I don't see why it wouldn't work.
It'd be cool to put a list of vectors that can be used to replace the original video stream. Any volunteers? :-) 

Brooks, Shane wrote:

XSS, CSRF - You don't even have to be that fancy, at least on the 2130 we're running.  Maybe it's simply that Earth Cam 
got a hold of it and added their own interface on top of the default Axis one... But they were nice enough to give us a webpage where 
we can edit any file on the camera and submit back your changes:

http://ip.of.webcam/admin-bin/editcgi.cgi




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adrian P.
Sent: Thursday, September 27, 2007 4:23 PM
To: webappsec () securityfocus com
Subject: Owning Big Brother: How to Crack into Axis IP cameras
We found multiple vulnerabilities on Axis 2100 IP cameras affecting both old firmware versions and the latest firmware (2.43).
The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) . Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!
Why am I posting this to the webappsec mail list? Because the exploits covered attack the web interface of these IP cameras. 

More info can be found on:

http://www.procheckup.com/Vulnerability_2007.php

Regards,
AP. 
-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe
--------------------------------------------------------------------------


No virus found in this incoming message.
Checked by AVG Free Edition. Version: 7.5.488 / Virus Database: 269.13.32/1032 - Release Date: 9/26/2007 8:20 PM 
No virus found in this outgoing message.
Checked by AVG Free Edition. Version: 7.5.488 / Virus Database: 269.13.32/1032 - Release Date: 9/26/2007 8:20 PM 

DISCLAIMER:
The Family of Orange Lake Resorts does not accept legal responsibility for the contents of this message. The Family of 
Orange Lake Resorts reserves the right to monitor the transmission of this message and to take corrective action 
against any misuse or abuse of its e-mail system or other components of its network. The information contained in this 
e-mail is confidential and may be legally privileged.  It is intended solely for the addressee. If you are not the 
intended recipient, any disclosure, copying, distribution, or any action or act of forbearance taken in reliance on it, 
is prohibited and may be unlawful. Any views expressed in this e-mail are those of the individual sender, except where 
the sender has been duly authorized to specifically state the content of the e-mail on behalf of The Family of Orange 
Lake Resorts.  The recipient should check this e-mail and any attachments for the presence of viruses. The Family of 
Orange Lake Resorts accepts no liability for any damage caused by any viruses transmitted by this e-mail.




-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: