bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/cgi/webapps/48040.txt
Offensive Security ea7a01d8fb DB: 2020-02-12 
18 changes to exploits/shellcodes

Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)

Sudo 1.8.25p - Buffer Overflow
Torrent iPod Video Converter 1.51 - Stack Overflow
DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow
freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path
FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path
Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path
DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow
Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path
Disk Savvy Enterprise 12.3.18 - Unquoted Service Path
Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
Microsoft SharePoint - Deserialization Remote Code Execution
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
2020-02-12 05:01:58 +00:00

23 lines
No EOL
1.5 KiB
Text
Raw Blame History

# Exploit Title: CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
# Google Dork: In Shodan search engine, the filter is "CHIYU"
# Date: 2020-02-11
# Exploit Author: Luca.Chiou
# Vendor Homepage: https://www.chiyu-t.com.tw/en/
# Version: BF430 232/485 TCP/IP Converter all versions prior to 1.16.00
# Tested on: It is a proprietary devices: https://www.chiyu-t.com.tw/en/product/rs485-to-tcp_ip-converter_BF-430.html
# CVE: CVE-2020-8839
# 1. Description:
# In CHIYU BF430 web page,
# user can modify the system configuration by access the /if.cgi.
# Attackers can inject malicious XSS code in "TF_submask" field.
# The XSS code will be stored in the database, so that causes a stored XSS vulnerability.
# 2. Proof of Concept:
# Access the /if.cgi of CHIYU BF430 232/485 TCP/IP Converter.
# Injecting the XSS code in parameter “TF_submask”:
# http://<Your Modem IP>/if.cgi?TF_submask=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E
==---------------------------------------------------------------
This email contains information that is for the sole use of the intended recipient and may be confidential or privileged. If you are not the intended recipient, note that any disclosure, copying, distribution, or use of this email, or the contents of this email is prohibited. If you have received this email in error, please notify the sender of the error and delete the message. Thank you.
---------------------------------------------------------------==!!
Reference in a new issue View git blame Copy permalink