- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
UC-HTTPD: IoT Security Cam 1-days / n-days - Local File Disclosure + Buffer Overflow
PoC's here: https://github.com/MLT-0x539/Exploits/tree/main/uc-httpd
mnt/mtd/Config/Account1 == a logfile that shows recently-executed commands in addition to showing the full source code for any files opened on the server-side...
Originally published by my old exploit dev team (Project Insecurity LTD) back in 2017 (wrote 2019 bby accident in the video), prior to this it was an 0day. After we made the PoC public, full disclosure first resulted in mass exploitation by skids, but over time the number of publicly-exposed vuln devices dropped from around 3 million to under 90,000, so it eventually had the intended effect of reducing exposure through means of full disclosure :)
Sadly, it is impossible for the device manufacturers to actually patch these vulns without doing a mass product recall to gain physical access to the devices in order to manually update their firmware.
Видео UC-HTTPD: IoT Security Cam 1-days / n-days - Local File Disclosure + Buffer Overflow канала Bug0xF4
mnt/mtd/Config/Account1 == a logfile that shows recently-executed commands in addition to showing the full source code for any files opened on the server-side...
Originally published by my old exploit dev team (Project Insecurity LTD) back in 2017 (wrote 2019 bby accident in the video), prior to this it was an 0day. After we made the PoC public, full disclosure first resulted in mass exploitation by skids, but over time the number of publicly-exposed vuln devices dropped from around 3 million to under 90,000, so it eventually had the intended effect of reducing exposure through means of full disclosure :)
Sadly, it is impossible for the device manufacturers to actually patch these vulns without doing a mass product recall to gain physical access to the devices in order to manually update their firmware.
Видео UC-HTTPD: IoT Security Cam 1-days / n-days - Local File Disclosure + Buffer Overflow канала Bug0xF4
Комментарии отсутствуют
Информация о видео
29 ноября 2025 г. 5:29:16
00:03:45
Другие видео канала
MESSAGE TO ALL VIEWERS/SUBSCRIBERS: Audio Issues - My current situation/problem (WILL BE FIXED SOON)
OS Command Injection Tutorial (Triggering RCE) - Part #1 (Introduction and Basic Overview)
Accidentally finding a vuln in hackerone while reporting a vuln via hackerone, lol..
IDOR bug affecting TikTok allowing for unauthorized account changes (Bug Bounty Report)
Linux for Beginners: Part 1 - Intro (Terminal Usage, Bash, Package Managers, DE's, Perms/Privs, etc)
Instagram/Facebook SSRF: Cross-Site-Port-Attack (XSPA)
Open Redirect in google.com
Introduction to HTTP (Part #1) -- Basics of HTTP requests/responses, headers, HTTP methods, and more
Microsoft XSS + Cross Site Flashing vulnerabilities
cia.gov DOM-based XSS vulnerability
Salesforce content-forgery PoC
Google RFD (Reflected File Download exploit)
ONE EMOJI TO RULE THEM ALL
Invision Power Board - XSS Zeroday: Admin account takeover
Microsoft/Outlook account lockout bypass via Race Condition leading to Account Takeover
Welcome to Bug0xF4: Your Journey into Cybersecurity Begins Here
InsecurityTube || Blind Cross-Site-Scripting (bXSS) || Tutorial
CNN Interview with TeaMp0isoN "MLT" (aush0k lol) calling TriCk a 'black power-ranger'
HaxJutsu Overview
Link Spoofing 0day for Discord
