Exploits / Vulnerability Discovered: 2019-04-10
Type: webapps
Platform: hardware
This exploit / vulnerability, D-Link DI-524 v2.06RU multiple cross-site scripting, is for educational purposes only; if you use it, you do so at your own risk!
To re-create the reflected XSS vulnerability, log in to the Web Configuration interface (default credentials are "admin":"" without the double quotes) and send a GET request to the router with the malformed vulnerable parameter:
Where $IP may be equal to "192.168.0.1" and $PAYLOAD may be equal to "alert(document.location)".
Stored XSS vulnerabilities were found in web forms on the pages /spap.htm and /smap.htm. To inject malicious JavaScript into the victim's page, an attacker must authenticate to the router, put a payload into any of the vulnerable forms, and wait until the victim opens the router's web interface and visits the vulnerable page.
I haven't tested the whole admin panel of the router, so I can guess that there are other XSS vulnerabilities in this router.
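Stored XSS of the kind reported on /spap.htm and /smap.htm arises when saved form values are written back into the page without encoding, so the fix belongs on the output side. The following is an added example, not code from the original advisory or from D-Link firmware: the names `html_escape` and `entity_for` and the sample value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Added example, not D-Link firmware code; all names are hypothetical. */
/* Map an HTML-significant byte to its entity; NULL means copy unchanged. */
static const char *entity_for(char c)
{
    switch (c) {
    case '&':  return "&amp;";
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";
    default:   return NULL;
    }
}

/* Escape src into dst (dst_len bytes incl. NUL). Returns the escaped length,
 * or -1 if it does not fit; dst is then left empty so a truncated value or
 * half-written entity is never rendered. A NULL src is treated as empty. */
long html_escape(const char *src, char *dst, size_t dst_len)
{
    size_t out = 0;
    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    for (; src != NULL && *src != '\0'; src++) {
        const char *ent = entity_for(*src);
        size_t n = ent ? strlen(ent) : 1;
        if (out + n >= dst_len) {   /* keep one byte for the NUL */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + out, ent ? ent : src, n);
        out += n;
    }
    dst[out] = '\0';
    return (long)out;
}

int main(void)
{
    /* Constructed sample: a value an admin form might have stored. */
    const char *stored = "Lab \"AP\" <b>1</b> & co";
    char cell[64];
    if (html_escape(stored, cell, sizeof cell) >= 0)
        printf("<td>%s</td>\n", cell);   /* markup arrives as inert text */
    return 0;
}
```

This encoding is correct for HTML element content and quoted attribute values; values placed inside a script block or a URL need the encoding for that context instead.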