Axis 2100 Network Camera 2.43 Cross Site Scripting

Axis 2100 Network Camera version 2.43 suffers from a cross site scripting vulnerability.

MD5 | ece4df6e4c1f4cd6a9cfc25c4e346144

[+] Title: Axis 2100 Network Camera 2.43 - Reflected XSS
[+] Credits / Discovery: Nassim Asrir
[+] Author Contact: [email protected]
[+] Author Company: Henceforth
[+] CVE: CVE-2017-12413


Vulnerability Type:

Reflected Cross Site Scripting.


The value of the URL path filename is copied into the HTML document as plain text between tags.
The payload b8b8w<script>alert(1)</script>rw1wz was submitted in the URL path filename.
This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
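
The fix for this class of bug is to HTML-encode the path filename before writing it into the page. The sketch below is an added example, not code from the advisory or from Axis: the error-page template and function names are hypothetical, and the probe string is the one quoted above. It renders the value both ways and classifies how a response reflects the probe, which is usable as a regression check after patching.

```python
import html

# Hypothetical error-page template; the advisory does not show the camera's markup.
PAGE = "<html><body><h1>Not Found</h1><p>The file {name} was not found.</p></body></html>"

# Probe string quoted in the advisory text.
PROBE = "b8b8w<script>alert(1)</script>rw1wz"


def render_unescaped(filename: str) -> str:
    """Behaviour the advisory describes: the path filename is copied in unmodified."""
    return PAGE.format(name=filename)


def render_escaped(filename: str) -> str:
    """Mitigation: HTML-encode the value before placing it between tags."""
    return PAGE.format(name=html.escape(filename, quote=True))


def classify_reflection(body: str, probe: str) -> str:
    """Report how a response body reflects a probe containing HTML metacharacters."""
    encoded = html.escape(probe, quote=True)
    if encoded == probe:
        # Without <, >, &, or quotes the two cases below cannot be told apart.
        raise ValueError("probe must contain at least one HTML metacharacter")
    if probe in body:
        return "reflected-unescaped"   # markup survives: the page is injectable
    if encoded in body:
        return "reflected-escaped"     # value is echoed, but only as inert text
    return "not-reflected"


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, "->", classify_reflection(render(PROBE), PROBE))
```
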



Tested on:

Windows 7 (64 Bit)
