TP-Link TL-MR3220 – Cross-Site Scripting

• Exploit Database
• 33 阅读

• 作者： Thiago Sena
  日期： 2017-10-12
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/43023/

• # Exploit Title: Vulnerability Xss - TP-LINK TL-MR3220
  # Date: 12/10/2017
  # Exploit Author: Thiago "THX" Sena
  # Vendor Homepage: http://www.tp-link.com.br
  # Version: TL-MR3220
  # Tested on: Windows 10
  # CVE : CVE-2017-15291
  
  Vulnerabilty: Cross-site scripting (XSS) in TP-LINK TL-MR3220
  cve: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15291
  ---------------------------------------------------------------
  
  PoC: 
  
  0x01 - First you go to ( http://IP:PORT/ )
  
  0x02 - In the 'Wireless MAC Filtering' tab. 
  
  0x03 - Will add a new MAC Address.
  
  0x04 - In 'Description' it will put the script ( <script>alert('XSS')</script> ) and complete the registration. 
  
  0x05 - Xss Vulnerability
  
  --------------------------------------------------------------