32f471140a
18 changes to exploits/shellcodes Microsoft people 10.1807.2131.0 - Denial of service (PoC) GNU glibc < 2.27 - Local Buffer Overflow UltraISO 9.7.1.3519 - Buffer Overflow (SEH) JBoss 4.2.x/4.3.x - Information Disclosure Git < 2.17.1 - Remote Code Execution FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH) Monstra CMS 3.0.4 - Remote Code Execution OpenDaylight - SQL Injection Tenda ADSL Router D152 - Cross-Site Scripting Pivotal Spring Java Framework < 5.0 - Remote Code Execution
15 lines
No EOL
668 B
Text
15 lines
No EOL
668 B
Text
# Exploit Title: Tenda D152 ADSL Router - Cross-Site Scripting
|
|
# Exploit Author: Sandip Dey
|
|
# Date: 2018-07-21
|
|
# Vendor Homepage: http://www.tendacn.com
|
|
# Hardware Link: https://www.amazon.in/Tenda-D152-ADSL2-Modem-Router/dp/B00IM8CWTE/ref=sr_1_fkmr0_1?ie=UTF8&qid=1536170904&sr=8-1-fkmr0&keywords=Tenda+D152+ADSL+router
|
|
# Category: Hardware
|
|
# Tested on: Windows 8.1
|
|
# CVE: CVE-2018-14497
|
|
|
|
# Reproduction Steps:
|
|
|
|
Goto your Wifi Router Gateway [i.e: http://Target]
|
|
Go to --> "General Setup" --> "Wireless" --> "Basic Settings
|
|
Now change the SSID to <script>alert("Sandip")</script> and hit apply
|
|
Refresh the page, and you will get the "Sandip" pop-up |