@PreethamBomma
Created June 26, 2020 08:32
[Description]
NeDi 1.9C is vulnerable to reflected cross-site scripting (XSS). The Devices-Config.php file improperly validates user input. An attacker can exploit this
vulnerability by placing arbitrary JavaScript in the `sta` GET parameter.
------------------------------------------
[Additional Information]
Steps to Reproduce:
1. Log in with the credentials.
2. Go to https://ip-nedi/Devices-Config.php?sta="><script>alert(document.domain)</script>
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]
Nedi-FindIt
------------------------------------------
[Affected Product Code Base]
Nedi - 1.9C
------------------------------------------
[Affected Component]
Devices-Config.php
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
An attacker can exploit this vulnerability by placing arbitrary
JavaScript ("><script>alert(document.domain)</script>) in the `sta` GET
parameter of Devices-Config.php, resulting in execution of the
JavaScript. Due to this flaw, an attacker can hijack the user's
session.
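
The reflection described above and its fix, as an added example (not NeDi's code and not from the discoverer). The real source of Devices-Config.php is not shown here, so the input field and the function names render_unsafe/render_safe are assumptions standing in for wherever the page echoes `sta`.

```php
<?php
// Added example: hypothetical stand-in for the reflection in Devices-Config.php.
// Assumption: `sta` is echoed into a double-quoted HTML attribute value, which
// is the context the leading `">` of the reported value closes.

// Vulnerable pattern: the raw GET value is concatenated into the markup.
function render_unsafe(string $sta): string {
    return '<input type="text" name="sta" value="' . $sta . '">';
}

// Hardened pattern: encode at output time for the HTML attribute context.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of making htmlspecialchars() return an empty string.
function render_safe(string $sta): string {
    $enc = htmlspecialchars($sta, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="sta" value="' . $enc . '">';
}

// The value from step 2, as PHP would see it in $_GET['sta'] after URL decoding.
$sta = '"><script>alert(document.domain)</script>';

$unsafe = render_unsafe($sta);
$safe   = render_safe($sta);

echo "unsafe: ", $unsafe, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;

// Check the difference: only the unencoded output carries a script element.
if (strpos($unsafe, '<script>') === false) {
    fwrite(STDERR, "expected the unencoded output to contain <script>\n");
    exit(1);
}
if (strpos($safe, '<script>') !== false || strpos($safe, '&quot;&gt;&lt;script&gt;') === false) {
    fwrite(STDERR, "expected the encoded output to contain only entities\n");
    exit(1);
}
echo "encoded output keeps the value inside the attribute", PHP_EOL;
```

Encoding belongs at every point where `sta` is written into HTML; a different output context (JavaScript string, URL) needs the encoder for that context rather than htmlspecialchars().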
------------------------------------------
[Reference]
http://www.nedi.ch/download/
------------------------------------------
[Discoverer]
Preetham Bomma