Ubee EVW3200 – Multiple Persistent Cross-Site Scripting Vulnerabilities

• Exploit Database
• 34 阅读

• 作者： Jeroen - IT Nerdbox
  日期： 2014-03-13
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/32237/

• # Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting
  
  # Google Dork: N/A
  
  # Date: 02-03-2014
  
  # Exploit Author: Jeroen - IT Nerdbox
  
  # Vendor Homepage: http://www.ubeeinteractive.com/
  
  # Software Link:
  http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20
  
  # Version: All
  
  # Tested on: N/A
  
  # CVE : N/A
  
  #
  
  ## Description:
  
  #
  
  # The SSID and Device name settings in the wireless configuration do not
  sanitize their input.
  
  #
  
  # The VPN Tunnel name is also vulnerable for persistent XSS
  
  #
  
  ## PoC:
  
  #
  
  # Entering the following payload in one of these fields will execute
  javascript:
  
  #
  
  #"><input onmouseover=prompt(1)>or "><button
  onclick=prompt(1)>XSS</button>
  
  # 
  
  #
  
  # More information can be found at:
  http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/