# Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting
# Google Dork: N/A
# Date: 02-03-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.ubeeinteractive.com/
# Software Link: http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20
# Version: All
# Tested on: N/A
# CVE : N/A
#
## Description:
#
# The SSID and Device name settings in the wireless configuration do not sanitize their input.
#
# The VPN Tunnel name is also vulnerable to persistent XSS.
#
## PoC:
#
# Entering the following payload in one of these fields will execute JavaScript:
#
# "><input onmouseover=prompt(1)> or "><button onclick=prompt(1)>XSS</button>
#
#
# More information can be found at: http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/
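The flaw described above, shown as an added example (not code from the advisory or the vendor firmware): a stored SSID written into a quoted HTML attribute without encoding, next to the same template with output encoding, both run against the two payloads from the PoC. The template markup, the function names and the small tag scanner are assumptions made for illustration.

```javascript
// Added example, not vendor firmware code. Template markup and all names are hypothetical.
// The two payloads are the ones quoted in the advisory's PoC.
const PAYLOADS = [
  '"><input onmouseover=prompt(1)>',
  '"><button onclick=prompt(1)>XSS</button>',
];

// Encode a stored value for HTML text and quoted-attribute contexts.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the stored SSID is concatenated straight into the attribute.
function renderSsidFieldUnsafe(ssid) {
  return '<input type="text" name="ssid" value="' + ssid + '">';
}

// Hardened pattern: same markup, value encoded at output time.
function renderSsidFieldSafe(ssid) {
  return '<input type="text" name="ssid" value="' + encodeHtml(ssid) + '">';
}

// Small tag scanner (not a full HTML parser): lists the opening tags in the
// markup, honouring quoted attribute values, with any on* handlers they carry.
function listTags(html) {
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  const tags = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[2].replace(/"[^"]*"|'[^']*'/g, '""'); // drop quoted values
    const handlers = (attrs.match(/\son[a-z]+(?=\s*=)/gi) || []).map((h) => h.trim().toLowerCase());
    tags.push({ name: m[1].toLowerCase(), handlers });
  }
  return tags;
}

// Compare both renderings for one stored value.
function compare(payload) {
  return {
    unsafe: listTags(renderSsidFieldUnsafe(payload)),
    safe: listTags(renderSsidFieldSafe(payload)),
  };
}

for (const p of PAYLOADS) {
  console.log(JSON.stringify(compare(p)));
}
```

Encoding at output keeps SSIDs that legitimately contain quotes or angle brackets usable, which rejecting those characters at input would not.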