TP-Link TL-MR3220 – Cross-Site Scripting

• Exploit Database
• 141 阅读

• 作者： Thiago Sena
  日期： 2017-10-12
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/43023/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

  # Exploit Title: Vulnerability Xss - TP-LINK TL-MR3220 # Date: 12/10/2017 # Exploit Author: Thiago "THX" Sena # Vendor Homepage: http://www.tp-link.com.br # Version: TL-MR3220 # Tested on: Windows 10 # CVE : CVE-2017-15291   Vulnerabilty: Cross-site scripting (XSS) in TP-LINK TL-MR3220 cve: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15291 ---------------------------------------------------------------   PoC:   0x01 - First you go to ( http://IP:PORT/ )   0x02 - In the &apos;Wireless MAC Filtering&apos; tab.   0x03 - Will add a new MAC Address.   0x04 - In &apos;Description&apos; it will put the script ( <script>alert(&apos;XSS&apos;)</script> ) and complete the registration.   0x05 - Xss Vulnerability   --------------------------------------------------------------