Ubee EVW3200 - Multiple Persistent Cross Site Scripting

2014-03-13 14:05:03

# Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting

# Google Dork: N/A

# Date: 02-03-2014

# Exploit Author: Jeroen - IT Nerdbox

# Vendor Homepage: http://www.ubeeinteractive.com/

# Software Link:
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20

# Version: All

# Tested on: N/A

# CVE : N/A

#

## Description:

#

# The SSID and Device name settings in the wireless configuration do not
sanitize their input.

#

# The VPN Tunnel name is also vulnerable for persistent XSS

#

## PoC:

#

# Entering the following payload in one of these fields will execute
javascript:

#

# "><input onmouseover=prompt(1)> or "><button
onclick=prompt(1)>XSS</button>

#

#

# More information can be found at:
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.