lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CABsCEg2V+nk+O2=pC2DMohoNK5nQzcSwH8VojF=vcQzBHroQAg@mail.gmail.com>
Date: Thu, 7 Nov 2013 10:56:59 +0200
From: LIAD Mizrachi <liadmz@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: FOSCAM Wireless IP Camera - SSID Cross Site
	Scripting

Advisory:               FOSCAM Wireless IP Camera - SSID XSS
Author:                 Liad Mizrachi
Vendor URL:             http://www.foscam.com/
Vulnerability Status:   No Fix
CVE-ID:                 CVE-2013-5215

==========================
Vulnerability Description
==========================
FOSCAM's Web UI "WiFi scan" option is vulnerable to XSS using a custom AP SSID.


==========================
PoC
==========================

Setup wireless access point and set SSID with the _javascript_ code.
- SSID must start with ' (Apostrophe).
- SSID must end with // (comment).


==========================
Disclosure Timeline
==========================

20-Aug-2013 - Vendor informed by mail
21-Aug-2013 - Reply from FosCam Support, moved to R&D team.
08-Sep-2013 - Requesting the vendor for update on the issue.
08-Sep-2013 - Reply From Vendor: no fix will be issue.


==========================
References
==========================http://www.foscam.com/https://vimeo.com/72786679
[PoC Demo]

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ