Last active
June 28, 2020 18:36
NeDI 1.9C Bypass function
CVE-2020-14413
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
Steps to reproduce:
> Note: every parameter that is displayed and stored is exploitable.
> Log in to the application.
> Go to "https://ip/Devices-Config.php?sta="><img src=x onerror=alert(1)>"
> JS code will be executed.
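
Why a SCRIPT-tag filter does not stop this value while output encoding does, as an added example that is not NeDi's code: `denylist_sanitize()` is a hypothetical stand-in for a filter of the kind described above (not the real sanitize() from inc/libmisc.php), and `render_field()` is an assumed template fragment that reflects the value into an attribute.

```php
<?php
// Hypothetical stand-in for a SCRIPT-tag denylist; NOT NeDi's actual sanitize().
function denylist_sanitize(string $value): string
{
    // Strips <script>...</script> blocks, then any stray opening/closing script tag.
    $value = (string) preg_replace('#<script\b[^>]*>.*?</script>#is', '', $value);
    return (string) preg_replace('#</?script\b[^>]*>#i', '', $value);
}

// Context-aware output encoding for HTML text and quoted attribute values.
function encode_for_html(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed template fragment: the parameter is reflected into a quoted attribute.
function render_field(string $prepared): string
{
    return '<input type="text" name="sta" value="' . $prepared . '">';
}

// Number of element start tags a browser would parse out of the fragment.
function count_start_tags(string $html): int
{
    return (int) preg_match_all('/<[a-z]/i', $html);
}

// The sta value from the reproduction steps above.
$sta = '"><img src=x onerror=alert(1)>';

$weak = render_field(denylist_sanitize($sta));
$safe = render_field(encode_for_html($sta));

// The denylist finds no SCRIPT tag, so the value passes through unchanged
// and the rendered fragment contains a second element with an event handler.
echo "denylist: $weak\n";
echo "  start tags parsed: " . count_start_tags($weak) . "\n";

// Encoded, the same value stays inside the attribute as inert text.
echo "encoded:  $safe\n";
echo "  start tags parsed: " . count_start_tags($safe) . "\n";
```

Encoding belongs at the point of output and must match the context (HTML body, attribute, JavaScript, URL); `htmlspecialchars()` covers only the first two.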