| Title | Cross Site Scripting On Ping Functionality On Dragon Path Router(707GR1) |
|---|
| Description | Description:
------------------------
The ping functionality present on the Diagnostic tab is vulnerable to Cross-Site Scripting (XSS).
Impact:
-------------
The attacker can use this vulnerability to inject arbitrary JavaScript (such as BeEF hooks or custom JS) to further exploit the browser and the application.
Since the endpoint is vulnerable to Cross-Site Request Forgery, the attacker will not even need creds to exploit it if it is chained with it.
Steps to Reproduce
-----------------------------------
1) Log in to the Dragon Path Router.
2) Move to Status tab ---> Diagnostics.
3) Put the Host address as >><img/src/onerror=alert(1)> and press Go.
You can see the alert pop up.
|
|---|
| Source | ⚠️ https://drive.google.com/file/d/1s_NzD0Z6lMvRoo9sLXqRvYRaF7XTAYBE/view?usp=sharing |
|---|
| User | w3bspl01t3r (UID 39229) |
|---|
| Submission | 2023. 10. 22. PM 09:11 (3 years ago) |
|---|
| Moderation | 2023. 10. 26. AM 08:32 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 243594 [Dragon Path 707GR1 up to 20231022 Ping Diagnostics Host Address cross site scripting] |
|---|
| Points | 20 |
|---|