Lucene search
Nassim Asrir1337DAY-ID-28240HistoryAug 05, 2017 - 12:00 a.m.
Axis 2100 Network Camera 2.43 Cross Site Scripting Vulnerability
2017-08-0500:00:00
Nassim Asrir
0day.today
271
0.001 Low
EPSS
Percentile
48.3%
Axis 2100 Network Camera version 2.43 suffers from a cross site scripting vulnerability.
i>>?[+] Title: Axis 2100 Network Camera 2.43 - Reflected XSS
[+] Credits / Discovery: Nassim Asrir
[+] Author Contact: [emailΒ protected]
[+] Author Company: Henceforth
[+] CVE: CVE-2017-12413
Vendor:
===============
https://www.axis.com/
Vulnerability Type:
===================
Reflected Cross Site Scripting.
issue:
===================
The value of the URL path filename is copied into the HTML document as plain text between tags.
The payload b8b8w<script>alert(1)</script>rw1wz was submitted in the URL path filename.
This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
POC:
===================
http://target/admin/admin.shtmlb8b8w%3cscript%3ealert(1)%3c/script%3erw1wz
Tested on:
===============
Windows 7 (64 Bit)
# 0day.today [2018-04-14] #Related
cvelist
cvelist
CVE-2017-12413
2017-08-04 13:00:00
prion
prion
Design/Logic Flaw
2017-08-04 13:29:00
cve
cve
CVE-2017-12413
2017-08-04 13:29:00
nvd
nvd
CVE-2017-12413
2017-08-04 13:29:00
openvas
openvas
Axis 2001 Network Camera <= 2.43 XSS Vulnerability
2017-08-07 00:00:00
packetstorm
packetstorm
Axis 2100 Network Camera 2.43 Cross Site Scripting
2017-08-04 00:00:00