e774c1d169
6 changes to exploits/shellcodes Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2) GNU gdbserver 9.2 - Remote Command Execution (RCE) Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure Webrun 3.6.0.42 - 'P_0' SQL Injection Bus Pass Management System 1.0 - 'Search' SQL injection FLEX 1085 Web 1.6.0 - HTML Injection
53 lines
No EOL
1.3 KiB
Text
53 lines
No EOL
1.3 KiB
Text
# Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection
|
|
# Date: 2021-11-21
|
|
# Exploit Author: Mr Empy
|
|
# Vendor Homepage: https://www.tem.ind.br/
|
|
# Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94
|
|
# Version: 1.6.0
|
|
# Tested on: Android
|
|
|
|
|
|
Title:
|
|
================
|
|
FLEX 1085 Web - HTML Injection
|
|
|
|
Summary:
|
|
================
|
|
The FLEX 1085 Web appliance is vulnerable to an HTML injection attack that
|
|
allows the injection of arbitrary HTML code.
|
|
|
|
|
|
Severity Level:
|
|
================
|
|
5.3 (Medium)
|
|
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
|
|
|
|
|
Vulnerability Disclosure Schedule:
|
|
============================
|
|
* October 19, 2021: An email was sent to support at 6:08MP.
|
|
|
|
* November 20, 2021: I didn't get any response from support.
|
|
|
|
* November 21, 2021: Vulnerability Disclosure
|
|
|
|
|
|
Affected Product:
|
|
================
|
|
FLEX 1085 Web v1.6.0
|
|
|
|
|
|
Steps to Reproduce:
|
|
================
|
|
|
|
1. Open your browser and search for your device's IP address (http://<IP>).
|
|
|
|
2. Log in to the device's dashboard and go to "WiFi".
|
|
|
|
3. Use another device that has an access point and create a Wi-Fi network
|
|
called "<h1>HTML Injection</h1>" (no double quotes) and activate the access
|
|
point. (https://prnt.sc/20e4y88)
|
|
|
|
4. Go back to the FLEX device and when scanning the new WiFi networks, the
|
|
new network will appear written "HTML Injection" in bold and with a larger
|
|
font size. (http://prnt.sc/20e51li) |