Lucene search
Semen Lyhin1337DAY-ID-32523HistoryApr 10, 2019 - 12:00 a.m.
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting Vulnerability
2019-04-1000:00:00
Semen Lyhin
0day.today
26
0.001 Low
EPSS
Percentile
39.5%
Exploit for hardware platform in category web applications
# Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524
# Exploit Author: Semen Alexandrovich Lyhin (https://www.linkedin.com/in/semenlyhin/)
# Vendor Homepage: https://www.dlink.com
# Version: D-Link DI-524 - V2.06RU
# CVE : CVE-2019-11017
To re-create Reflected XSS vulnerability, log in to the Web Configuration (default credentials are: "admin":"" without double quotes), and send GET request to the router with malformed vulnerable parameter:
http://$IP/cgi-bin/[emailΒ protected]%22-$PAYLOAD-%22&rd=x&SEO=o&AC=O&SnO=1&SHO=2&StO=1&SpO=1&SPO=1
Where $IP may be equal to "192.168.0.1", $PAYLOAD may be equal to "alert(document.location)".
Stored XSS's were found in web forms on pages /spap.htm, /smap.htm. To inject malicious JavaScript to victim's webpage, an attacker should authorize on the router, then put a payload to any of the vulnerable forms, and wait, until victim opens router's web interface and goes to vulnerable page.
I haven't tested all the admin panel of the router, so I can guess that there are other XSS vulnerabilities in this router.
# 0day.today [2019-04-12] #Related
nvd
nvd
CVE-2019-11017
2019-04-18 18:29:00
prion
prion
Cross site scripting
2019-04-18 18:29:00
exploitpack
exploitpack
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
2019-04-10 00:00:00
checkpoint_advisories
checkpoint_advisories
D-Link DI-524 Cross-Site Scripting (CVE-2019-11017)
2019-04-16 00:00:00
cvelist
cvelist
CVE-2019-11017
2019-04-18 17:54:02
packetstorm
packetstorm
D-Link DI-524 2.06RU Cross Site Scripting
2019-04-10 00:00:00
cve
cve
CVE-2019-11017
2019-04-18 18:29:00
exploitdb
exploitdb
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
2019-04-10 00:00:00