Отправить #501351: D-Link DIR-816 1.01TO Cross Site ScriptingИнформация

НазваниеD-Link DIR-816 1.01TO Cross Site Scripting
ОписаниеIn the 'cgi-bin/webproc' directory within the user account, there is an unrestricted stored Cross-Site Scripting (XSS) vulnerability and injection attacks on the 'SSID' parameter of the "D-Link DIR-816" system. This function executes the user parameter without restrictions. To view the script in action, simply access the 'Setup' directory. Malicious attackers can exploit this vulnerability to obtain sensitive information from clients.
Источник⚠️ http://x.x.x.x:8080/cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic
Пользователь
 Fergod (UID 55882)
Представление14.02.2025 18:00 (1 Год назад)
Модерация17.02.2025 11:10 (3 days later)
Статуспринято
Запись VulDB296023 [D-Link DIR-816 1.01TO index.html&var:menu=24gwlan&var:page=24G_basic SSID межсайтовый скриптинг]
Баллы20

Interested in the pricing of exploits?

See the underground prices here!