Genexis Platinum-4410 P4410-V2-1.31A Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on March 26th, 2021 📆 | 2921 Views ⚑

0

Genexis Platinum-4410 P4410-V2-1.31A Cross Site Scripting ≈ Packet Storm

Genexis Platinum-4410 P4410-V2-1.31A Cross Site Scripting
Posted Mar 25, 2021
Authored by Jithin KS

Genexis Platinum-4410 version P4410-V2-1.31A suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 847b81631254f6ce93688f5b359ee379
# Exploit Title: Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting
# Date: 03/25/2020
# Exploit Author: Jithin KS
# Vendor Homepage: https://www.gxgroup.eu/ont-products/
# Version: Platinum-4410 Software version - P4410-V2-1.31A
# Tested on: Windows 10
# Author Contact: hhttps://twitter.com/jithinks_8

Vulnerability Details
======================
Genexis Platinum-4410 Home Gateway Unit is vulnerable to stored XSS in the "start_addr" parameter. This could allow attackers to perform malicious action in which the XSS popup will affect all privileged users.

How to reproduce
===================
1. Login to the firmware as any user
2. Navigate to Manage tab--> Security Management
3. Enter any valid value in Start Source Address and fill all other fields. Click Add.
4. Capture this request in Burp Suite. Enter payload in "start_addr" text box and forward the request.
5. Relogin as any user and again navigate to Manage tab--> Security Management
6. Observe the XSS popup showing persistent XSS


Source link

Tagged with:



Leave a Reply