SaLICru -SLC-20-cube3(5) HTML Injection

2019-04-05T00:00:00
ID PACKETSTORM:152435
Type packetstorm
Reporter Ramikan
Modified 2019-04-05T00:00:00

Description

                                        
                                            `# Exploit Title: Reflected HTML Injection  
# Google Dork: None  
# Date: 16/12/2015  
# Exploit Author: Ramikan  
# Vendor Homepage:https://www.salicru.com/en/  
# Software Link: N/A  
# Version: Tested on SaLICru -SLC-20-cube3(5).  
# Firmware: cs121-SNMP v4.54.82.130611  
# CVE : CVE-2019-10887  
# Category:Web Apps  
  
  
Vulnerability: Reflected HTML Injection  
Vendor Web site:   
Version tested:cs121-SNMP v4.54.82.130611   
Solution: N/A  
Note:Default credential:admin/admin or admin/cs121-snmp  
Victim need to be authenticated in order to get affected by this.  
  
  
Vulnerability 1:Refelected HTML Injection  
  
Affected URL:  
  
/DataLog.csv?log=  
/AlarmLog.csv?log=  
/waitlog.cgi?name=  
/chart.shtml?data=  
/createlog.cgi?name=  
  
Affected Parameter: log, name, data  
  
Payload: <h1>HTML Injection</h1>  
`