Darkwet Network WebcamXP Cross-Site Scripting Vulnerability
BID:9465
Info
Darkwet Network WebcamXP Cross-Site Scripting Vulnerability
| Bugtraq ID: | 9465 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-2094 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 21 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | The disclosure of this issue has been credited to Rafel Ivgi, The-Insider <[email protected]>. |
| Vulnerable: |
Darkwet WebCam XP 1.6.945 |
| Not Vulnerable: | |
Discussion
Darkwet Network WebcamXP Cross-Site Scripting Vulnerability
It has been reported that WebcamXP may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. It has been reported that HTML and script code may be parsed via a malicious URI.
Successful exploitation of this attack may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
WebcamXP version 1.06.945 has been identified as vulnerable, however, other versions could be affected as well.
It has been reported that WebcamXP may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. It has been reported that HTML and script code may be parsed via a malicious URI.
Successful exploitation of this attack may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
WebcamXP version 1.06.945 has been identified as vulnerable, however, other versions could be affected as well.
Exploit / POC
Darkwet Network WebcamXP Cross-Site Scripting Vulnerability
No exploit is required.
The following proof of concept has been supplied:
http://www.example.com/<script>alert('XSS')</script>
No exploit is required.
The following proof of concept has been supplied:
http://www.example.com/<script>alert('XSS')</script>
Solution / Fix
Darkwet Network WebcamXP Cross-Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.