[Part 1] FUTURE TECHNOLOGIES AI IOT FOURTH INDUSTRIAL REVOLUTION SECURITY CAMERA

[Part 1] FUTURE TECHNOLOGIES AI IOT FOURTH INDUSTRIAL REVOLUTION SECURITY CAMERA

Category: Web

63 points | 44 solves

Challenge Description

In our recent investigations, Siebersec got hold of a

FUTURE TECHNOLOGIES AI IOT FOURTH INDUSTRIAL REVOLUTION SECURITY CAMERA .

We suspect that it's yet another one of those vulnerable IoT devices with a web interface that's basically asking to be attacked.

Try logging in as a camera viewer.

Attached files

  • link to webpage

Solution

Visiting this link takes us to a login page.

Screenshot of login page

This seems like a prime target for an SQL injection, and it is indeed: By entering ' or 1=1;-- in the password field, we can easily bypass the login and access the camera page containing the flag.

Screenshot 2021-12-28 at 15-33-27 FUTURE TECHNOLOGIES CAMERA

Flag

IRS{w4y_t00_eZ_1nJ3c710n}

Part 2 >

Home / Sieberrsec 2021 / Web / [Part 1] FUTURE TECHNOLOGIES AI IOT FOURTH INDUSTRIAL REVOLUTION SECURITY CAMERA