[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Vulnerability

Author
Dewank Pant
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-28963
Category
web applications
Date add
06-11-2017
CVE
CVE-2017-16568
Platform
multiple
# Exploit Title: Logitech Media Server : HTML code injection and execution.
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.
  
  
  
POC:
  
1. Access and go to the Radio URL tab and add a new URL.
2. Add script as the value of the field.
3. Payload : <script> alert(1)</script>
4. Script saved and gives an image msg with a javascript execution on image click.
5. Therefore, Persistent XSS.

#  0day.today [2024-12-24]  #