Dreambox Plugin BouquetEditor – Cross-Site Scripting

Exploit Database
90 阅读

作者： Thiago Sena

日期： 2017-10-12
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/42986/

# Exploit Title: Vulnerability XSS - Dreambox
# Shodan Dork: Dreambox 200 
# Date: 12/10/2017
# Exploit Author: Thiago "THX" Sena
# Vendor Homepage: https://www.dreamboxupdate.com
# Version: 2.0.0
# Tested on: kali linux, windows 7, 8.1, 10
# CVE : CVE-2017-15287

Vulnerabilty: Cross-site scripting (XSS) in plugin BouquetEditor

---------------------------------------------------------------

PoC: 

- First you go to ( http://IP:PORT/bouqueteditor/ )

- Then you go to the Bouquets tab, add a new bouquet

- Then put the script (<script>alert(1)</script>)

- Xss Vulnerability

last Exploits
Dreambox Plugin BouquetEditor – Cross-Site Scripting的更多信息

Free Hosting Manager 2.0.2 – Multiple SQL Injections：
Microsoft SharePoint 2013 (Cloud) – Persistent Exception Handling (MS13-067)：
ADOdb < 4.71 - Cross Site Scripting：
Neturf eCommerce Shopping Cart – ‘searchFor’ Cross-Site Scripting：
Maian Uploader 4.0 – ‘user’ SQL Injection：
PnPSCADA v2.x – Unauthenticated PostgreSQL Injection：
Groupon Clone Script 3.01 – ‘catid’ SQL Injection：
Subrion CMS 4.2.1 – Cross-Site Scripting：