Overview
=======
Technical Risk: high
Likelihood of Exploitation: medium
Tested version: ICA-5350V/ICA-*
Credits: Discovered and researched by GT.Omaz from OrwellLabs

Issues
=====
I. Local File Inclusion
II. Arbitrary file read/Authentication bypass
III. Sensitive information disclosure
IV. Cross-site request forgery
V. Reflected Cross-site scripting
VI. Hardcoded credentials

I. Local File Inclusion
================
The Web Management interface of the PLANET IP surveillance Cam model ICA-5350V (and probably some other models, maybe ICA-*) is prone to Local File Inclusion (LFI).

POC