53 lines
816 B
Text
53 lines
816 B
Text
# Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting
|
|
|
|
# Google Dork: N/A
|
|
|
|
# Date: 02-03-2014
|
|
|
|
# Exploit Author: Jeroen - IT Nerdbox
|
|
|
|
# Vendor Homepage: http://www.ubeeinteractive.com/
|
|
|
|
# Software Link:
|
|
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20
|
|
|
|
# Version: All
|
|
|
|
# Tested on: N/A
|
|
|
|
# CVE : N/A
|
|
|
|
#
|
|
|
|
## Description:
|
|
|
|
#
|
|
|
|
# The SSID and Device name settings in the wireless configuration do not
|
|
sanitize their input.
|
|
|
|
#
|
|
|
|
# The VPN Tunnel name is also vulnerable for persistent XSS
|
|
|
|
#
|
|
|
|
## PoC:
|
|
|
|
#
|
|
|
|
# Entering the following payload in one of these fields will execute
|
|
javascript:
|
|
|
|
#
|
|
|
|
# "><input onmouseover=prompt(1)> or "><button
|
|
onclick=prompt(1)>XSS</button>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# More information can be found at:
|
|
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/
|
|
|