Axis 2100 Network Camera 2.43 Cross Site Scripting

Published
Credit
Risk
2017.08.04
Nassim Asrir
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2017-12413
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

i>>?[+] Title: Axis 2100 Network Camera 2.43 - Reflected XSS
[+] Credits / Discovery: Nassim Asrir
[+] Author Contact: wassline@gmail.com
[+] Author Company: Henceforth
[+] CVE: CVE-2017-12413

Vendor:
===============

https://www.axis.com/


Vulnerability Type:
===================

Reflected Cross Site Scripting.


issue:
===================

The value of the URL path filename is copied into the HTML document as plain text between tags.
The payload b8b8w<script>alert(1)</script>rw1wz was submitted in the URL path filename.
This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.


POC:
===================

http://target/admin/admin.shtmlb8b8w%3cscript%3ealert(1)%3c/script%3erw1wz

Tested on:
===============

Windows 7 (64 Bit)


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com