Home > Articles > Security > Network Security

  • Print
  • + Share This

Global XSS Relay

Numerous cross-site scripting vulnerabilities exist in this camera, but there are several that are world accessible, regardless of authorization. As a result, a malicious hacker could cause your browser to access the cameras web interface and execute JavaScript on your browser. The ramifications of this are huge, including the potential of an attacker gaining control over your browser or installing a backdoor on your system.

Figure 1 shows the URL of one of the vulnerable scripts in the camera:

http://192.168.1.103/incl/image_incl.shtml?camNo=</script><script>alert(String.fromCharCode(88,83,83))</script>
Figure 1

Figure 1 Global XSS in the AXIS 207W interface.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.