SaLICru -SLC-20-cube3(5) – HTML Injection

Exploit Database
98 阅读

作者： Ramikan

日期： 2019-04-08
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/46667/

# Exploit Title: Reflected HTML Injection
# Google Dork: None
# Date: 16/12/2015
# Exploit Author: Ramikan
# Vendor Homepage:https://www.salicru.com/en/
# Software Link: N/A
# Version: Tested on SaLICru -SLC-20-cube3(5).
# Firmware: cs121-SNMP v4.54.82.130611
# CVE : CVE-2019-10887
# Category:Web Apps


Vulnerability: Reflected HTML Injection
Vendor Web site: 
Version tested:cs121-SNMP v4.54.82.130611 
Solution: N/A
Note:Default credential:admin/admin or admin/cs121-snmp
Victim need to be authenticated in order to get affected by this.


Vulnerability 1:Refelected HTML Injection

Affected URL:

/DataLog.csv?log=
/AlarmLog.csv?log=
/waitlog.cgi?name=
/chart.shtml?data=
/createlog.cgi?name=

Affected Parameter: log, name, data

Payload: <h1>HTML Injection</h1>

last Exploits
SaLICru -SLC-20-cube3(5) – HTML Injection的更多信息

Joomla! Component JGen 0.9.33 – SQL Injection：
Joomla! Component WMI 1.5.0 – Local File Inclusion：
GetSimple CMS v3.3.16 – Remote Code Execution (RCE)：
BoutikOne – ‘categorie.php?path’ SQL Injection：
Optergy 2.3.0a – Remote Code Execution (Backdoor)：
WolfCMS 0.8.3.1 – Open Redirection：
Scripts Genie Classified Ultra – SQL Injection / Cross-Site Scripting：
Sphider 1.3.x – Admin Panel Multiple SQL Injections：