MikroTik RouterOS 6.36.2 Cross Site Scripting

2016.11.13
Credit: Nassim Asrir
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Title: RouterOS v6.36.2 - Cross Site Scripting
Type: Local/Remote
Author: Nassim Asrir
Author Company: HenceForth
Risk: (3/5)
Release Date: 11.11.2016

Summary:
MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. It can also be installed on a PC and will turn it into a router with all the necessary features - routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.

Vendor: http://www.mikrotik.com/
Affected Version: v6.36.2
Tested On: Linux // Dist (Bugtraq 2)
Vendor Status: I told them and I wait for the answer.

PoC:
- Using this vulnerability we can inject JavaScript code, but to test it you must first log in to the router configuration; once logged in, you can test the XSS like this:

* http://routerip/webfig/#"><script>alert("XSSED By Nassim Asrir");</script>

Credits:
Vulnerability discovered by Nassim Asrir - <wassline@gmail.com>
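The leading `">` in the test URL closes an attribute value and its tag before the script element starts, which points to the URL fragment being placed into an HTML attribute unescaped. The sketch below is an added example, not MikroTik code and not part of the original advisory: the page does not show how WebFig consumes the fragment, so the link template and the function names are hypothetical, and the only input is the URL from the PoC.

```javascript
// Added illustration, not MikroTik code. How WebFig really handles the
// fragment is not shown in the advisory; this template is hypothetical.

// Return the decoded fragment (text after the first '#') of a URL string.
function fragmentOf(url) {
  const i = url.indexOf('#');
  if (i === -1) return '';
  const raw = url.slice(i + 1);
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw; // malformed percent-escapes: keep the raw text
  }
}

// Escape the characters that can end an attribute value or open a tag.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical vulnerable pattern: fragment concatenated into an attribute.
function renderUnsafe(fragment) {
  return '<a href="#' + fragment + '">current page</a>';
}

// Same template with the fragment escaped for the attribute context.
function renderSafe(fragment) {
  return '<a href="#' + escapeAttr(fragment) + '">current page</a>';
}

// Crude string check: does the markup contain a script start tag?
function hasScriptElement(html) {
  return /<script\b/i.test(html);
}

// Input: the test URL given in the advisory.
const pocUrl = 'http://routerip/webfig/#"><script>alert("XSSED By Nassim Asrir");</script>';
const frag = fragmentOf(pocUrl);
console.log('unsafe:', renderUnsafe(frag));
console.log('safe:  ', renderSafe(frag));
```

The fragment is never sent in the HTTP request, so this class of issue has to be fixed in the client-side code that reads it; server-side request filtering does not see the payload.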

