Rockwell Automation Allen-Bradley PowerMonitor 1000 XSS - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1419593 漏洞类型
发布时间 2018-12-04 更新时间 2018-12-04
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018120027
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
# Date: 2018-11-27
# Exploit Author: Luca.Chiou
# Vendor Homepage: https://www.rockwellautomation.com/
# Version: 1408-EM3A-ENT B
# Tested on: It is a proprietary devices: https://ab.rockwellautomation.com/zh/Energy-Monitoring/1408-PowerMonitor-1000
# CVE : N/A

# 1. Description:
# In Rockwell Automation Allen-Bradley PowerMonitor 1000 web page,
# user can add a new user by access the /Security/Security.shtm.
# When users add a new user, the new useras account will in the post data.
# Attackers can inject malicious XSS code in useras account parameter of post data.
# The useras account parameter will be stored in database, so that cause a stored XSS vulnerability.

# 2. Proof of Concept:
# Browse http://<Your Modem IP>/Security/Security.shtm
# In page Security.shtm, add a new user
# Send this post data:

/Security/cgi-bin/security|0|0|<script>alert(123)</script>