NeDi 1.9C Bypass function
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
Steps to reproduce:
> Note: every parameter is exploitable (those that are displayed and stored).
> Login to the application.
> Go to "https://ip/Devices-Config.php?sta="><img src=x onerror=alert(1)>"
> The JavaScript code will be executed.
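
Why a filter that only targets SCRIPT tags does not stop the value used in the steps above, shown next to output encoding with `htmlspecialchars()`. This is an added example, not NeDi's code: `script_tag_filter()`, `encode_for_html()` and `render_input()` are hypothetical stand-ins, and reflecting the parameter into a double-quoted attribute is an assumption.

```php
<?php
// Added illustration. This is NOT the sanitize() from inc/libmisc.php;
// script_tag_filter() is a hypothetical filter of the same general kind.

function script_tag_filter(string $value): string
{
    // Blacklist approach: strip <script ...> and </script>, nothing else.
    return preg_replace('#</?script\b[^>]*>#i', '', $value);
}

function encode_for_html(string $value): string
{
    // Output encoding: <, >, &, " and ' become entities, so the value
    // cannot close the attribute or open a new element.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_input(string $value): string
{
    // Assumed sink: the parameter is echoed into a double-quoted attribute.
    return '<input type="text" name="sta" value="' . $value . '">';
}

// The sta value from the reproduction steps.
$sta = '"><img src=x onerror=alert(1)>';

$cases = [
    'script-tag filter' => script_tag_filter($sta),
    'htmlspecialchars'  => encode_for_html($sta),
];

foreach ($cases as $label => $processed) {
    $html = render_input($processed);
    // A literal "<img" in the rendered page means new markup was injected.
    $injected = stripos($html, '<img') !== false ? 'yes' : 'no';
    printf("%-18s %s\n%-18s injected markup: %s\n\n", $label, $html, '', $injected);
}
```

The filtered value passes through unchanged because it contains no SCRIPT tag, while the encoded value stays inside the attribute as inert text.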