Mobotix IP Camera Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1110289
Vulnerability Type: Cross-Site Scripting
Published: 2006-05-17
Updated: 2006-08-28
CVE ID: CVE-2006-2490
CNNVD ID: CNNVD-200605-365
Platform: Hardware
CVSS Score: 4.3
|Vulnerability Sources
https://www.exploit-db.com/exploits/27894
https://cxsecurity.com/issue/WLB-2006050123
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-365
|Vulnerability Details
Multiple cross-site scripting (XSS) vulnerabilities exist in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and in other versions before 2.2.3.18 for M10/D10 and before 3.0.3.31 for M22. Remote attackers can inject arbitrary web script or HTML via (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) URL-encoded values in the source_ip parameter to events.tar.
|Vulnerability Exploit
source: http://www.securityfocus.com/bid/18022/info

The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the device to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.example.com/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E
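As an added defender-side example (not part of this advisory or of Mobotix's own code), the following Python scans Apache-style access-log lines for the three injection points named above and flags values that percent-decode, including double-encoded ones, to HTML markup. The endpoint paths, the log format and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Injection points named in the advisory: path -> parameter (None = the whole query string)
XSS_SINKS = {"/help/help": None,
             "/control/eventplayer": "get_image_info_abspath",
             "/events.tar": "source_ip"}
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/')
TAG_MARKER = re.compile(r"<\s*/?[a-z!]", re.I)  # HTML/script tag opener, checked after decoding
# Constructed Apache-style access-log sample (not real traffic); line 4 is double-encoded
SAMPLE_LOG = """\
203.0.113.5 - - [17/May/2006:10:00:01 +0000] "GET /control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert('x')%3E HTTP/1.1" 200 512
203.0.113.5 - - [17/May/2006:10:00:02 +0000] "GET /control/eventplayer?get_image_info_abspath=/images/001.jpg HTTP/1.1" 200 512
198.51.100.7 - - [17/May/2006:10:00:03 +0000] "GET /help/help?%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 100
198.51.100.7 - - [17/May/2006:10:00:04 +0000] "GET /events.tar?source_ip=%253Cimg%20src%3Dx%20onerror%3Dalert(1)%253E HTTP/1.1" 200 100
198.51.100.7 - - [17/May/2006:10:00:05 +0000] "GET /events.tar?source_ip=10.0.0.1 HTTP/1.1" 200 100
"""

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%253C -> %3C -> <) are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_target(target):
    """Return (path, param, decoded_value) for each vulnerable parameter that carries markup."""
    parts = urlsplit(target)
    if parts.path not in XSS_SINKS:
        return []
    param = XSS_SINKS[parts.path]
    # help/help is injectable via the raw query string, the other two via one named parameter
    values = [parts.query] if param is None else parse_qs(parts.query, keep_blank_values=True).get(param, [])
    return [(parts.path, param, fully_decode(v)) for v in values if TAG_MARKER.search(fully_decode(v))]

def scan_access_log(text):
    """Scan access-log lines; return [(line_no, client_ip, path, param, decoded_value)]."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = REQUEST_LINE.search(line)
        if m:
            for path, param, decoded in scan_target(m.group("target")):
                findings.append((line_no, line.split(" ", 1)[0], path, param, decoded))
    return findings

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print("line %d from %s: %s param=%s value=%r" % f)
```

Run against the constructed sample, the scanner reports lines 1, 3 and 4 and leaves the two benign requests alone.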
|References

Source: XF
Name: mobotix-multiple-xss(26538)
Link: http://xforce.iss.net/xforce/xfdb/26538
Source: VUPEN
Name: ADV-2006-1857
Link: http://www.frsirt.com/english/advisories/2006/1857
Source: SECUNIA
Name: 20151
Link: http://secunia.com/advisories/20151
Source: BID
Name: 18022
Link: http://www.securityfocus.com/bid/18022
Source: BUGTRAQ
Name: 20060822 Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug
Link: http://www.securityfocus.com/archive/1/archive/1/444018/100/0/threaded
Source: BUGTRAQ
Name: 20060517 Mobotix IP Network Cameras Multiple XSS
Link: http://www.securityfocus.com/archive/1/archive/1/434289/100/0/threaded
Source: OSVDB
Name: 25623
Link: http://www.osvdb.org/25623
Source: OSVDB
Name: 25622
Link: http://www.osvdb.org/25622
Source: OSVDB
Name: 25621
Link: http://www.osvdb.org/25621
Source: MISC
Link: http://www.eazel.es/media/advisory001.html
Source: VIM
Name: 20060821 CVE-2006-2490 (Mobotix) vendor ACK
Link: http://www.attrition.org/pipermail/vim/2006-August/000980.html
Source: SECTRACK
Name: 1016128
Link: http://securitytracker.com/id?1016128
Source: SREASON
Name: 929
Link: http://securityreason.com/securityale