DB: 2015-05-16
1 new exploits
This commit is contained in:
Offensive Security
parent
b3321b3426
commit
f8d109fa3c
1 changed files with 26 additions and 0 deletions
26
platforms/multiple/webapps/10209.txt
Executable file
26
platforms/multiple/webapps/10209.txt
Executable file
|
|
@ -0,0 +1,26 @@
|
||||||
|
**************************************************************
|
||||||
|
Product: Everfocus EDSR series
|
||||||
|
Version affected: 1.4 and older
|
||||||
|
Website: http://www.everfocus.com/
|
||||||
|
Discovered By: Andrea Fabrizi
|
||||||
|
Email: andrea.fabrizi () gmail com
|
||||||
|
Web: http://www.andreafabrizi.it
|
||||||
|
Vuln: remote DVR applet authentication bypass
|
||||||
|
**************************************************************
|
||||||
|
|
||||||
|
The EDSR firmware don't handle correctly users authentication and sessions.
|
||||||
|
|
||||||
|
This exploit let you to connect to every remote DVR (without username
|
||||||
|
and password) and see the live cams :)
|
||||||
|
Exploit: http://www.andreafabrizi.it/files/EverFocus_Edsr_Exploit.tar.gz
|
||||||
|
|
||||||
|
I discovered this vulnerability one year ago and i have informed the
|
||||||
|
vendor, but apparently
|
||||||
|
there is no solution at this time.
|
||||||
|
|
||||||
|
--
|
||||||
|
Andrea Fabrizi
|
||||||
|
http://www.andreafabrizi.it
|
||||||
|
|
||||||
|
|
||||||
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10209.tar.gz (2009-11-22-EverFocus_Edsr_Exploit.tar.gz)
|
||||||
Loading…
Add table
Reference in a new issue