DIGISOL DG-HR3400 Wireless Router – Cross-Site Scripting

Exploit Database
35 阅读

作者： Adipta Basu

日期： 2018-06-28
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/44955/

# Exploit Title: DIGISOL DG-HR3400 Wireless Router -Cross-Site Scripting
# Date: 2018-06-25
# Vendor Homepage:http://www.digisol.com
# Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W
# Category: Hardware
# Exploit Author: Adipta Basu
# Tested on: Mac OS High Sierra
# CVE: N/A
 
# Reproduction Steps:
 
 - Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
 - Go to --> "General Setup" --> "Wireless" --> "Basic Settings"
 - Open BurpSuite
 - Change the SSID to "Testing" and hit "Apply"
 - Burp will capture the intercepts.
 - Now change the SSID to <script>alert("ADIPTA")</script> and keep APSSID as it is
 - Refresh the page, and you will get the "ADIPTA" pop-up

last Exploits
DIGISOL DG-HR3400 Wireless Router – Cross-Site Scripting的更多信息

ImpressCMS v1.4.3 – Authenticated SQL Injection：
E-membres 1.0 – Remote Database Disclosure：
Radiant CMS 1.1.3 – Multiple Persistent Cross-Site Scripting Vulnerabilities：
The Pacer Edition CMS 2.1 – ’email’ Cross-Site Scripting：
Simple Library Management System 1.0 – ‘rollno’ SQL Injection：
Pars Design CMS – Arbitrary File Upload：
Sophos XG115w Firewall 17.0.10 MR-10 – Authentication Bypass：
Sielco PolyEco Digital FM Transmitter 2.0.6 – Authentication Bypass Exploit：