23f668ca8d
14 changes to exploits/shellcodes FlexHEX 2.71 - SEH Buffer Overflow (Unicode) AllPlayer 7.4 - SEH Buffer Overflow (Unicode) River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation QNAP Netatalk < 3.1.12 - Authentication Bypass Jobgator - 'experience' SQL Injection Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities SaLICru -SLC-20-cube3(5) - HTML Injection CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting Tradebox CryptoCurrency - 'symbol' SQL Injection WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass ManageEngine ServiceDesk Plus 9.3 - User Enumeration
33 lines
No EOL
800 B
Text
33 lines
No EOL
800 B
Text
# Exploit Title: Reflected HTML Injection
|
|
# Google Dork: None
|
|
# Date: 16/12/2015
|
|
# Exploit Author: Ramikan
|
|
# Vendor Homepage:https://www.salicru.com/en/
|
|
# Software Link: N/A
|
|
# Version: Tested on SaLICru -SLC-20-cube3(5).
|
|
# Firmware: cs121-SNMP v4.54.82.130611
|
|
# CVE : CVE-2019-10887
|
|
# Category:Web Apps
|
|
|
|
|
|
Vulnerability: Reflected HTML Injection
|
|
Vendor Web site:
|
|
Version tested:cs121-SNMP v4.54.82.130611
|
|
Solution: N/A
|
|
Note:Default credential:admin/admin or admin/cs121-snmp
|
|
Victim need to be authenticated in order to get affected by this.
|
|
|
|
|
|
Vulnerability 1:Refelected HTML Injection
|
|
|
|
Affected URL:
|
|
|
|
/DataLog.csv?log=
|
|
/AlarmLog.csv?log=
|
|
/waitlog.cgi?name=
|
|
/chart.shtml?data=
|
|
/createlog.cgi?name=
|
|
|
|
Affected Parameter: log, name, data
|
|
|
|
Payload: <h1>HTML Injection</h1> |