@farid007
Last active June 28, 2020 18:36
NeDI 1.9C Bypass function
CVE-2020-14413
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
Steps to reproduce:
> Note: every parameter that is displayed and stored is exploitable.
> Log in to the application.
> Go to "https://ip/Devices-Config.php?sta="><img src=x onerror=alert(1)>"
> The JavaScript code will be executed.
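
The following added example (not NeDi's code and not from the gist author) contrasts a filter that only targets SCRIPT tags with context-aware output encoding, using the `sta` value from the steps above. `strip_script_tags()` is a hypothetical stand-in for the behaviour the advisory describes, and `html_attr()`, `event_handlers()` and the `<input>` template are assumptions made for illustration.

```php
<?php
// Added example. strip_script_tags() is a hypothetical stand-in for a filter
// that removes only SCRIPT tags; it is not the code from inc/libmisc.php.
function strip_script_tags(string $v): string {
    return preg_replace('#</?script[^>]*>#i', '', $v);
}

// Output encoding for HTML text and quoted attribute values:
// <, >, &, " and ' all become entities, so the value cannot leave its context.
function html_attr(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parse a fragment the way a browser would and list every element that
// carries an on* event-handler attribute.
function event_handlers(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $found[] = $el->tagName . '[' . $attr->name . ']';
            }
        }
    }
    return $found;
}

// The sta value from the reproduction steps.
$sta = '"><img src=x onerror=alert(1)>';

// Hypothetical template that reflects the parameter into an attribute.
$weak = '<input name="sta" value="' . strip_script_tags($sta) . '">';
$safe = '<input name="sta" value="' . html_attr($sta) . '">';

echo "SCRIPT-only filter:\n  $weak\n";
print_r(event_handlers($weak));   // elements with handlers created by the input

echo "Output encoding:\n  $safe\n";
print_r(event_handlers($safe));   // same check on the encoded output
```

The filtered value contains no SCRIPT tag, so it passes through unchanged and closes the attribute; encoding at output time keeps the whole value inside the quoted attribute.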