If the server echoes the result, an attacker can read /etc/passwd , download configurations, or even reboot the device. The keyword string view+index+shtml+camera often precedes such injection attempts in log files.
<!--#include file="header.html" -->
<!-- Advanced: Displaying the hostname of the server --> <p>Server Hostname: <!--#exec cmd="hostname" --> </p> </body> </html> view+index+shtml+camera
If the server echoes the result, an attacker can read /etc/passwd , download configurations, or even reboot the device. The keyword string view+index+shtml+camera often precedes such injection attempts in log files.
<!--#include file="header.html" -->
<!-- Advanced: Displaying the hostname of the server --> <p>Server Hostname: <!--#exec cmd="hostname" --> </p> </body> </html>