ba1d29bdd6
13 changes to exploits/shellcodes SEGGER embOS/IP FTP Server 3.22 - Denial of Service DualDesk 20 - 'Proxy.exe' Denial of Service Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak Apple iOS - '.pdf' Local Privilege Escalation 'Jailbreak' Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow 'Jailbreak' ASX to MP3 Converter 1.82.50 - '.asx' Local Stack Overflow ASX to MP3 Converter 1.82.50 (Windows XP SP3) - '.asx' Local Stack Overflow Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader) Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'namedobj ' Kernel Loader IrfanView 4.44 Email Plugin - Buffer Overflow (SEH) IrfanView 4.50 Email Plugin - Buffer Overflow (SEH Unicode) Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC) Sony Playstation 4 (PS4) < 2.50 - WebKit Code Execution (PoC) ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation 'Jailbreak' Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55) Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' WebKit 5.01 / 'bpf' Kernel Loader 4.55 TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Joomla! 3.7 - SQL Injection Posnic Stock Management System - SQL Injection WordPress Plugin Polls 1.2.4 - SQL Injection (PoC) WordPress Plugin UPM-POLLS 1.0.4 - Blind SQL Injection WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection D-Link DIR-600M Wireless - Cross-Site Scripting uWSGI < 2.0.17 - Directory Traversal
22 lines
No EOL
888 B
Text
22 lines
No EOL
888 B
Text
########################################################################
|
|
# Exploit Title: D-Link DIR-600M Wireless - Persistent Cross Site Scripting
|
|
# Date: 11.02.2018
|
|
# Vendor Homepage: http://www.dlink.co.in
|
|
# Hardware Link: http://www.dlink.co.in/products/?pid=DIR-600M
|
|
# Category: Hardware
|
|
# Exploit Author: Prasenjit Kanti Paul
|
|
# Web: http://hack2rule.wordpress.com/
|
|
# Hardware Version: C1
|
|
# Firmware version: 3.01
|
|
# Tested on: Linux Mint
|
|
# CVE: CVE-2018-6936
|
|
##########################################################################
|
|
|
|
Reproduction Steps:
|
|
|
|
- Goto your wifi router gateway [i.e: http://192.168.0.1]
|
|
- Go to --> "Maintainence" --> "Admin"
|
|
- Create a user with name "<script>alert("PKP")</script>"
|
|
- Refresh the page and you will be having "PKP" popup
|
|
|
|
Note: It can also be done by changing SSID name to "<script>alert("PKP")</script>" |