TP-Link TL-WR740N – Cross-Site Scripting

Exploit Database
105 阅读

作者： bl00dy

日期： 2017-11-16
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/43148/

# Exploit Title: XSS Vuln - TP-LINK TL-WR740N
# Date: 15/11/2017
# Exploit Author: bl00dy
# Vendor Homepage: http://www.tp-link.com <http://www.tp-link.com.br/>
# Version: TP-LINK TL-WR740N - 3.17.0 Build 140520 Rel.75075n
# Tested on: Windows 8.1

Cross-site scripting (XSS) in TP-LINK TL-WR740N

______________________________________________________

Proof of Concept:

1. Go to your wireless router ip (ex. 192.168.0.1)

2. Go to Wireless and -Wireless MAC Filtering- tab

3. Click Add new button

5.Write random MAC Address and in -Description- write (<h1>XSS by
bl00dy</h1>)

6.Click save and you will see XSS in Wireless MAC Filtering tab
______________________________________________________

last Exploits
TP-Link TL-WR740N – Cross-Site Scripting的更多信息

LuxCal Web Calendar 2.4.2/2.5.0 – SQL Injection：
SonicWALL Scrutinizer 9.5.2 – SQL Injection：
PmWiki 2.2.34 – ‘pagelist’ Remote PHP Code Injection (1)：
Emby MediaServer 3.2.5 – Directory Traversal：
memcache-viewer – Cross-Site Scripting：
WordPress Plugin Global Content Blocks 2.1.5 – Cross-Site Request Forgery：
D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities：
whCMS 0.115 – Cross-Site Request Forgery：