Cgi login

silver163 · August 24, 2011, 1:20am

Hello,

I am trying to do a sales demonstration regarding DVR systems and one of the things that is very common about all DVR systems is that they use the exact same login methods as routers do, Netgear, Linksys, etc which is simply CGI scripts. So it would be:

http://url/cgi-bin/record_camera.cgi
http://url/cgi-bin/login_proc.cgi

If I try to get into a page without logging in get a blank page, no code. When I hit a wrong username it just refreshes. What I have been told is that CGI isn’t all that difficult to break so I am trying to find a way or any resource of how to bypass the login and manipulate the cameras so I can show this to the customer. Can anyone help? I been checking google but haven’t found anything.

All I know is that they are running BOA 0.94.14rc21 webserver.

Their code for logging in:

                        &lt;td width="110" rowspan="2" align="right"&gt;&lt;input type="button" class="btn_login" onclick="auto_submit()" value="LOGIN"&gt;&lt;/td&gt;

                      &lt;/tr&gt;

                      &lt;tr&gt;
                        &lt;td height="22" class="se"&gt;&lt;strong&gt;PASSWORD&lt;/strong&gt;&lt;/td&gt;
                        &lt;td align="center"&gt;&lt;input class="i_text01" name="login_pwd" type="password" type="text" size="15" onKeyPress="if(event.keyCode == '13') check_form();"&gt;&lt;/td&gt;

ralphm · August 24, 2011, 4:29am

What are you actually trying to do here? Upload files to a server? Or alter web pages? Or … [sorry if I’m just missing the obvious ]

Crazybanana · August 24, 2011, 9:16am

So you are doing sales demonstrations of these systems, but need to break in to be able to do this - interesting way of doing business…

silver163 · August 24, 2011, 3:05pm

I am trying to gain access to the .cgi scripts that control the DVR bypassing the login, so essentially where it says login I can bypass it somehow or at least alter the CGI files somehow without having login credentials or a way for me to figure out the user and password.

silver163 · August 24, 2011, 3:06pm

well no, i wouldn’t be trying to sell the same system while at the same time trying to demonstrate its lack of security, that be nonsensical. I am trying to show the insecurity of a rival system, we have a different login method.

Mittineague · August 24, 2011, 3:15pm

Forgive me if I sound harsh, but you want to show that something is not secure based on what you “heard”, but can’t because it’s too secure for you?

IMHO you should give up on trying to show something else’s failings and instead focus on how what you’re selling is secure. i.e. Focus on positives not negatives.

silver163 · August 24, 2011, 3:46pm

I know it is insecure cause I seen it being hacker before problem is that the person isn’t around at the moment and this is pretty critical.

FFCus · August 24, 2011, 6:26pm

For what it’s worth, the code you provided doesn’t show anything except a form. It doesn’t illustrate anything except that you enter a password and click a button that fires the JS function “auto_submit()”.

Not that I think it’ll help, but what is the code of that JS function?

silver163 · August 25, 2011, 2:01am

function status_clock() { theTime = window.setTimeout(“runClock()”, 1000); v - Pastebin.com

that’s the other code, but then is there any other sources of getting access?