18 lines
No EOL
533 B
Text
18 lines
No EOL
533 B
Text
# Exploit Title: Logitech Media Server : HTML code injection and execution.
|
|
# Shodan Dork: Search Logitech Media Server
|
|
# Date: 11/03/2017
|
|
# Exploit Author: Dewank Pant
|
|
# Vendor Homepage: www.logitech.com
|
|
# Version: 7.9.0
|
|
# Tested on: Windows 10, Linux
|
|
# CVE : Applied For.
|
|
|
|
|
|
|
|
POC:
|
|
|
|
1. Access and go to the Radio URL tab and add a new URL.
|
|
2. Add script as the value of the field.
|
|
3. Payload : <script> alert(1)</script>
|
|
4. Script saved and gives an image msg with a javascript execution on image click.
|
|
5. Therefore, Persistent XSS. |