
Axis 700 Network Scanner (Software Version 1.12) - Get Admin URLs without logon!

    Axis 700 Network Scanner


    Axis 700 Network Scanner (Software Version 1.12)


    Ian Vitek posted the following (Infosec Security Vulnerability
    Report).  By modifying a URL, outsiders can access administrator
    URLs without entering a username and password.  The threat is
    unauthorized access.

    User pages are located under


    The URL to the configuration page is:


    This page is password protected.  The actual configuration takes
    place on the pages linked from this page.  Changing the URL to:


    gives an outsider access to the configuration page without
    entering a username and password.  The server seems to check access
    permissions before URL conversion.  The server also decodes %1u to
    %2e (not a vulnerability).
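
    The ordering problem described above (access permissions checked
    before URL conversion), next to the corrected order, as an added
    example that is not part of the original report or the Axis
    firmware.  The /pub/ and /conf/ paths, the function names and the
    sample requests are constructed for illustration; they are not the
    device's real URLs.

```python
import posixpath
from urllib.parse import unquote

# Constructed layout for illustration; NOT the Axis 700's real paths.
PROTECTED_PREFIX = "/conf/"

def canonicalize(raw_path):
    """Percent-decode once, then collapse '.', '..' and duplicate slashes."""
    decoded = unquote(raw_path)
    if not decoded.startswith("/") or "\x00" in decoded:
        raise ValueError("malformed path")
    # normpath preserves a leading '//', so force exactly one leading slash.
    canon = "/" + posixpath.normpath(decoded).lstrip("/")
    if decoded.endswith("/") and canon != "/":
        canon += "/"  # normpath drops the trailing slash; restore it
    return canon

def needs_auth(path):
    """True for the protected directory itself and everything below it."""
    return (path + "/").startswith(PROTECTED_PREFIX)

def check_then_convert(raw_path, authenticated):
    """Flawed order: the ACL sees the raw URL, the lookup sees the converted one."""
    if needs_auth(raw_path) and not authenticated:
        return (401, None)
    return (200, canonicalize(raw_path))

def convert_then_check(raw_path, authenticated):
    """Corrected order: convert first, then authorize the path that is served."""
    try:
        path = canonicalize(raw_path)
    except ValueError:
        return (400, None)
    if needs_auth(path) and not authenticated:
        return (401, None)
    return (200, path)

# Constructed requests, all sent without credentials.
SAMPLES = ["/pub/index.html", "/conf/settings.html",
           "/pub/../conf/settings.html", "/pub/%2e%2e/conf/settings.html"]

def audit(handler):
    """Raw paths for which handler serves a protected page without a login."""
    results = [(raw, handler(raw, False)) for raw in SAMPLES]
    return [raw for raw, (status, served) in results
            if status == 200 and needs_auth(served)]

if __name__ == "__main__":
    print("check-then-convert leaks:", audit(check_then_convert))
    print("convert-then-check leaks:", audit(convert_then_check))
```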


    Version 1.14 should fix this vulnerability.  Infosec recommends
    that everyone try accessing their authorized pages with URLs such as:

