########################################################################
# Exploit Title: D-Link DIR-600M Wireless - Persistent Cross Site Scripting
# Date: 11.02.2018
# Vendor Homepage: http://www.dlink.co.in
# Hardware Link: http://www.dlink.co.in/products/?pid=DIR-600M
# Category: Hardware
# Exploit Author: Prasenjit Kanti Paul
# Web: http://hack2rule.wordpress.com/
# Hardware Version: C1
# Firmware version: 3.01
# Tested on: Linux Mint
# CVE: CVE-2018-6936
##########################################################################

Reproduction Steps:

- Go to your wifi router gateway [i.e: http://192.168.0.1]
- Go to --> "Maintenance" --> "Admin"
- Create a user with name "<script>alert("PKP")</script>"
- Refresh the page and you will get a "PKP" popup

Note: It can also be done by changing SSID name to "<script>alert("PKP")</script>"
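
Mitigation sketch, added here as an example and not taken from the advisory or from D-Link firmware: the stored user name (or SSID) is HTML-encoded at the point where it is written into the admin page, so the payload from the reproduction steps renders as text. The function names, buffer sizes and the table-row markup are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not D-Link firmware code): HTML-encode a stored value
 * such as an admin user name or SSID before it is written into a page.
 * Returns 0 on success, -1 if out is too small (out is then left empty). */
int html_escape(const char *in, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (used + n >= outsz) {      /* fail closed rather than truncate mid-entity */
            out[0] = '\0';
            return -1;
        }
        if (rep) memcpy(out + used, rep, n);
        else out[used] = *in;
        used += n;
    }
    out[used] = '\0';
    return 0;
}

/* Render one table row of the (hypothetical) admin user list. */
int render_user_row(const char *name, char *html, size_t htmlsz)
{
    char safe[256];
    if (html_escape(name, safe, sizeof safe) != 0) return -1;
    int n = snprintf(html, htmlsz, "<tr><td>%s</td></tr>", safe);
    return (n < 0 || (size_t)n >= htmlsz) ? -1 : 0;
}

int main(void)
{
    char row[512];
    /* Constructed sample input: the user name from the reproduction steps. */
    if (render_user_row("<script>alert(\"PKP\")</script>", row, sizeof row) == 0)
        puts(row);
    return 0;
}
```

Encoding at output time covers both entry points named above (user name and SSID), because it does not depend on which form stored the value.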