d8206fb5eb
13 changes to exploits/shellcodes KVM (Nested Virtualization) - L1 Guest Privilege Escalation DIGISOL DG-BR4000NG - Buffer Overflow (PoC) Foxit Reader 9.0.1.1049 - Remote Code Execution WordPress Plugin iThemes Security < 7.0.3 - SQL Injection phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1) phpMyAdmin 4.8.1 - Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2) WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Cross-Site Request Forgery (Add Admin) DIGISOL DG-BR4000NG - Cross-Site Scripting Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser) AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password) Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Arbitrary File Upload WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
20 lines
No EOL
798 B
Text
20 lines
No EOL
798 B
Text
# Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting
|
||
# Date: 2018-06-24
|
||
# Vendor Homepage: http://www.digisol.com
|
||
# Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK
|
||
# Category: Hardware
|
||
# Exploit Author: Adipta Basu
|
||
# Contact : https://www.facebook.com/AdiptaBasu
|
||
# Web: https://hackings8n.blogspot.com
|
||
# Tested on: Mac OS High Sierra
|
||
# CVE: CVE-2018-12705
|
||
|
||
# Reproduction Steps:
|
||
|
||
- Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
|
||
- Go to --> "General Setup" --> "Wireless" --> "Basic Settings"
|
||
- Open BurpSuite
|
||
- Change the SSID to "Testing" and hit "Apply"
|
||
- Burp will capture the intercepts.
|
||
- Now change the SSID to <script>alert("ADIPTA")</script>
|
||
- Refresh the page, and you will get the "ADIPTA" pop-up |