Over the weekend, i had the time to review a whitepaper written by both Adrian Pastor and Amir Azam. In that article, they displayed certain XSS techniques that allowed an attacker to own the IP cameras and monitor it. Well, i would say that this is not too bad of an article as the PoC included. It is still the same old XSS that is doing the trick and CSRF that allows creation of admin accounts. The firmware for Axis is just crap. They should brush up on their security to avoid more security issues. For those who are interested, do check it out at
http://www.gnucitizen.org/blog/owning-big-brother-hollywood-style-exploits-included
The Hacka Man
Senin, 01 Oktober 2007
Owning Axis IP Cameras
00.57
No comments
Langganan:
Posting Komentar (Atom)
0 komentar:
Posting Komentar