Personal Fav. #2:
Persistent XSS on logs page
- Real example: Axis 2100 IP cameras [link]
  - Tested on firmware <= 2.43
- Attacker sends a malformed HTTP request to the camera’s web server (no password is required by the attacker)
- When the admin visits the logs page the payload could:
  - Add a new admin backdoor account
  - Steal the passwords file
  - Hijack the video stream
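The root cause of a logs-page XSS like this is that request data ends up in the admin's browser without being escaped. The following is an added example (not code from Axis or from the original slides) showing the vulnerable rendering pattern beside the hardened one, run over constructed log lines of the kind a camera's web server might record; the entry format is an assumption.

```python
import html

# Constructed sample log entries (not real camera output). The second entry
# carries HTML markup in the request path: because the web server logs every
# request whether or not it was authenticated, an unauthenticated request is
# enough to get such a line into the log that the admin later views.
SAMPLE_LOG = [
    "10.0.0.5 - GET /view/index.shtml HTTP/1.0 200",
    "10.0.0.9 - GET /<script>alert(1)</script> HTTP/1.0 404",
]


def render_logs_unsafe(entries):
    """Vulnerable pattern: the raw log line is interpolated into the HTML page,
    so markup inside a logged request runs in the admin's browser."""
    rows = "".join(f"<tr><td>{entry}</td></tr>" for entry in entries)
    return f"<table>{rows}</table>"


def render_logs_safe(entries):
    """Hardened pattern: every logged field is HTML-escaped at output time.
    html.escape with quote=True also neutralises quotes, so the same function is
    safe for values that land inside attribute context."""
    rows = "".join(
        f"<tr><td>{html.escape(entry, quote=True)}</td></tr>" for entry in entries
    )
    return f"<table>{rows}</table>"


def contains_active_markup(page):
    """Detection helper: does the rendered page still contain a live script tag?"""
    return "<script" in page.lower()
```

The escape must happen where the log is rendered, not where it is written: the log file itself should keep the original request so that the malformed request remains visible to whoever investigates it.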