DIGISOL DG-HR3400 Wireless Router – Cross-Site Scripting

Exploit Database
93 阅读

作者： Adipta Basu

日期： 2018-06-28
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/44955/

# Exploit Title: DIGISOL DG-HR3400 Wireless Router -Cross-Site Scripting
# Date: 2018-06-25
# Vendor Homepage:http://www.digisol.com
# Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W
# Category: Hardware
# Exploit Author: Adipta Basu
# Tested on: Mac OS High Sierra
# CVE: N/A
 
# Reproduction Steps:
 
 - Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
 - Go to --> "General Setup" --> "Wireless" --> "Basic Settings"
 - Open BurpSuite
 - Change the SSID to "Testing" and hit "Apply"
 - Burp will capture the intercepts.
 - Now change the SSID to <script>alert("ADIPTA")</script> and keep APSSID as it is
 - Refresh the page, and you will get the "ADIPTA" pop-up

last Exploits
DIGISOL DG-HR3400 Wireless Router – Cross-Site Scripting的更多信息

Fatwiki (fwiki) 1.0 – Remote File Inclusion：
Supra Smart Cloud TV – ‘openLiveURL()’ Remote File Inclusion：
Cisco Adaptive Security Appliance Software 9.7 – Unauthenticated Arbitrary File Deletion：
Online Railway Reservation System 1.0 – Admin Account Creation (Unauthenticated)：
OpenEMR 5.0.1.3 – (Authenticated) Arbitrary File Actions：
TP-Link TL-WA855RE V5_200415 – Device Reset Auth Bypass：
Grafana <=6.2.4 - HTML Injection：
NPDS CMS REvolution-13 – SQL Injection：