wsnanax.blogg.se

Wansview app background audio










This post is an introduction to penetration testing an IoT device. There are much more advanced toolkits available but this post details a “starting-from-scratch” approach that I took in order to re-familiarize myself with penetration testing. As long as you have some amount of familiarity with Linux and common tools you should be able to follow along.

TLDR: Jump to the exploit code if you just want to get root on your camera.

The cost of IP cameras has come down significantly and when I noticed one for sale on Amazon for 30 dollars I decided it was worth a purchase. In addition to adding another camera to my smart home setup (shout out to Home Assistant) I could have fun trying to hack the camera since cheap Internet of Things devices are notoriously insecure. The text on the product description page mentioned that the device wouldn’t work if your WiFi password contained the characters & or ‘ – this was a clear indication that the product may not be properly parameterizing values. I imagine the issue is present on other Wansview cameras in the same family as well as clones.

Once the initial setup using an Android or iPhone is complete the camera presents a web interface on the local network that can be used to configure the device.

Looking through the various configuration pages revealed several pages that may be worth probing for command injection vulnerabilities. It was also worth scanning to see what ports the device was listening on in case the device was running a known vulnerable service. This was not fruitful as the device appears to only listen on port 80.

Probing for command injection vulnerabilities

First, let’s try setting the values of various parameters in the interface to characters that have special meanings in the shell:

The check on characters is performed client-side using JavaScript. Is it also performed server side? Using the Chrome developer panel, I was able to see that when you click “Save” the form is submitted using a GET request (which is bad – GET shouldn’t be used to update parameters on the server…) to this URL:

Now let’s try putting that special character in the URL and see if the server checks for it:

Does this mean the server refused to accept our input? Let’s reload the FTP settings page to see if it stored the value we sent:
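
The client-side-only character check and the WiFi password restriction on & and ‘ described above both come down to where input is validated and how a value reaches a command. As an added example (not code from the original post or from the camera's firmware), the following shows a server-side allowlist for settings fields and a free-form value passed as a single argv element with no shell in between; the field names, rules and sample requests are assumptions constructed for illustration.

```python
import re
import subprocess
import sys

# Hypothetical allowlist rules for an FTP settings form (field names are assumptions).
FIELD_RULES = {
    "server": re.compile(r"[A-Za-z0-9.-]{1,253}"),
    "port": re.compile(r"[0-9]{1,5}"),
    "user": re.compile(r"[A-Za-z0-9._@-]{1,64}"),
}


def validate_settings(params):
    """Server-side check: runs regardless of what the browser's JavaScript did."""
    errors = {}
    for name, rule in FIELD_RULES.items():
        # fullmatch means the whole value must fit the allowlist, not just a prefix.
        if not rule.fullmatch(params.get(name, "")):
            errors[name] = "rejected"
    if "port" not in errors and not 1 <= int(params["port"]) <= 65535:
        errors["port"] = "rejected"
    return errors


def run_helper(secret):
    """Hand a free-form value (e.g. a WiFi password) to a child as one argument.

    No shell parses the string, so & ' ; $ are ordinary characters. The child
    is a stand-in that echoes its argument back. A real device would prefer
    stdin or a config file so the secret does not show up in the process list.
    """
    argv = [sys.executable, "-c",
            "import sys; sys.stdout.write(sys.argv[1])", secret]
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    # Constructed requests: what the server sees when the client-side check is skipped.
    good = {"server": "ftp.example.net", "port": "21", "user": "cam"}
    bad = {"server": "ftp.example.net;x", "port": "21", "user": "cam"}
    print(validate_settings(good))
    print(validate_settings(bad))
    print(run_helper("pa&ss'word") == "pa&ss'word")
```
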










