Solar-Log 200 PM+ 3.6.0 Build 99 – 15.10.2019 – Stored XSS

Exploit Database
47 阅读

作者： Vincent McRae, Mesut Cetin

日期： 2024-03-05
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/51857/

# Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel
# Date: 10-30-23
# Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security
# Vendor Homepage: https://www.solar-log.com/en/
# Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019
# Tested on: Proprietary devices: https://www.solar-log.com/en/support/firmware/
# CVE: CVE-2023-46344

# POC:

1. Go to solar panel
2. Go to configuration -> Smart Energy -> "drag & drop" button.
3. Change "name" to: <xss onmouseenter="alert(document.cookie)"
style=display:block>test</xss>
4. Once you hover over "test", you get XSS -> if a higher privileged
user hovers over it, we can get their cookies.

last Exploits
Solar-Log 200 PM+ 3.6.0 Build 99 – 15.10.2019 – Stored XSS的更多信息

Bang Resto v1.0 – Stored Cross-Site Scripting (XSS)：
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 – Persistent Cross-Site Scripting：
Tele Data’s Contact Management Server 0.9 – ‘Username’ SQL Injection：
Alfresco 5.2.4 – Persistent Cross-Site Scripting：
Scriptcase 9.7 – Remote Code Execution (RCE)：
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 – ‘ticketreply.php’ SQL Injection：
Oracle WebLogic – POST Session Fixation：
PHP Ticket System Beta 1 – ‘get_all_created_by_user.php?id’ SQL Injection：