Lucene search
MiningOmertaPACKETSTORM:161972HistoryMar 25, 2021 - 12:00 a.m.
Linksys EA7500 2.0.8.194281 Cross Site Scripting
2021-03-2500:00:00
MiningOmerta
packetstormsecurity.com
542
`# Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting
# Date: 3/24/21
# Exploit Author: MiningOmerta
# Vendor Homepage: https://www.linksys.com/
# Version: EA7500 Firmware Version: 2.0.8.194281
# CVE: CVE-2012-6708
# Tested On: Linksys EA7500 (jQuery version 1.7.1)
# Cross-Site Scripting Vulnerability on modern versions of Linksys Smart-Wifi home routers.
# Caused by outdated jQuery(strInput) version : <= 1.7.1 (Fixed in version 1.9.0)
# Credit also to Reddit user michael1026
###
POC
###
1. When logging into the router (http://LHOST or http://LHOST:10080), choose "Click Here"
next to "Dont Have an Account? " or Choose "click here" after "To login with your Linksys Smart Wi-Fi account",
you will be redirected with a login prompt with both Email Address and Password forms.
2. Make your email address "<img src=0 onerror=alert(XSS)>" without the double quotes.
3. Payload will be triggered when mouse is clicked anywhere within the Email Address form box or when form is submitted.
`
Related
f5
f5
K62532311 : jQuery vulnerability CVE-2012-6708
2018-11-28 00:00:00
debiancve
debiancve
CVE-2012-6708
2018-01-18 23:29:00
nessus
nessus
F5 Networks BIG-IP : jQuery vulnerability (K62532311)
2019-05-29 00:00:00
JQuery < 1.9.0 XSS
2020-03-31 00:00:00
zdt
zdt
Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Vulnerability
2021-03-24 00:00:00
github
github
Cross-Site Scripting in jquery
2020-09-01 16:41:46
prion
prion
Cross site scripting
2018-01-18 23:29:00
osv
osv
CVE-2012-6708
2018-01-18 23:29:00
Cross-Site Scripting in jquery
2020-09-01 16:41:46
cve
cve
CVE-2012-6708
2018-01-18 23:29:00
CVE-2017-16011
2018-06-04 19:29:00
openvas
openvas
jQuery < 1.9.0 XSS Vulnerability
2018-11-01 00:00:00
openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0395-1)
2020-03-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0737-1)
2021-04-19 00:00:00
redhatcve
redhatcve
CVE-2012-6708
2020-04-08 21:22:26
alpinelinux
alpinelinux
CVE-2012-6708
2018-01-18 23:29:00
ubuntucve
ubuntucve
CVE-2012-6708
2018-01-18 00:00:00
exploitdb
exploitdb
Linksys EA7500 2.0.8.194281 - Cross-Site Scripting
2021-03-25 00:00:00
fortinet
fortinet
Protect
2019-04-10 00:00:00
archlinux
archlinux
[ASA-201910-4] ruby-rdoc: cross-site scripting
2019-10-02 00:00:00
[ASA-201910-5] ruby2.5: multiple issues
2019-10-02 00:00:00
hackerone
hackerone
Ruby: Ruby is shipping a vulnerable jQuery
2019-03-30 14:10:34
freebsd
freebsd
RDoc -- multiple jQuery vulnerabilities
2019-08-28 00:00:00
ibm
ibm
suse
suse
Recommended update for ruby2.5 (important)
2020-03-28 00:00:00
kitploit
kitploit
amazon
amazon
Important: ruby24
2020-08-26 23:09:00
ics
ics
Pepperl+Fuchs WirelessHART-Gateway
2022-04-07 12:00:00
Related for PACKETSTORM:161972