ID
VAR-E-201403-0281
TITLE
Ubee EVW3200 Cross Site Scripting
Trust: 0.5
DESCRIPTION
Ubee EVW3200 suffers from multiple persistent cross site scripting vulnerabilities.
Trust: 0.5
AFFECTED PRODUCTS
| vendor: | ubee | model: | evw3200 | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
# Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting
# Google Dork: N/A
# Date: 02-03-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.ubeeinteractive.com/
# Software Link:
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20
# Version: All
# Tested on: N/A
# CVE : N/A
#
## Description:
#
# The SSID and Device name settings in the wireless configuration do not
sanitize their input.
#
# The VPN Tunnel name is also vulnerable for persistent XSS
#
## PoC:
#
# Entering the following payload in one of these fields will execute
javascript:
#
# "><input onmouseover=prompt(1)> or "><button
onclick=prompt(1)>XSS</button>
#
#
# More information can be found at:
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
xss
Trust: 0.5
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | vulnerability | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
CREDITS
Jeroen
Trust: 0.5
EXTERNAL IDS
| db: | PACKETSTORM | id: | 125703 | Trust: 0.5 |
SOURCES
| db: | PACKETSTORM | id: | 125703 |
LAST UPDATE DATE
2022-07-27T09:58:47.410000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 125703 | date: | 2014-03-13T14:55:55 |