Linksys EA7500 2.0.8.194281 – Cross-Site Scripting

• Exploit Database
• 11 阅读

• 作者： MiningOmerta
  日期： 2021-03-25
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/49708/

• # Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting 
  # Date: 3/24/21
  # Exploit Author: MiningOmerta
  # Vendor Homepage: https://www.linksys.com/
  # Version: EA7500 Firmware Version: 2.0.8.194281
  # CVE: CVE-2012-6708
  # Tested On: Linksys EA7500 (jQuery version 1.7.1)
  
  # Cross-Site Scripting Vulnerability on modern versions of Linksys Smart-Wifi home routers. 
  # Caused by outdated jQuery(strInput) version : <= 1.7.1(Fixed in version 1.9.0)
  # Credit also to Reddit user michael1026
  
  ###
  POC
  ###
  
  1. When logging into the router (http://LHOST or http://LHOST:10080), choose "Click Here" 
   next to "Dont Have an Account? " or Choose "click here" after "To login with your Linksys Smart Wi-Fi account", 
   you will be redirected with a login prompt with both Email Address and Password forms. 
  
  2. Make your email address "<img src=0 onerror=alert(XSS)>" without the double quotes. 
  
  3. Payload will be triggered when mouse is clicked anywhere within the Email Address form box or when form is submitted.