
MikroTik RouterOS 6.36.2 Cross Site Scripting

Posted on 11 November 2016

Title: RouterOS v6.36.2 - Cross Site Scripting
Type: Local/Remote
Author: Nassim Asrir
Author Company: HenceForth
Risk: (3/5)
Release Date: 11.11.2016

Summary:
MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. It can also be installed on a PC and will turn it into a router with all the necessary features - routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.

Vendor: http://www.mikrotik.com/
Affected Version: v6.36.2
Tested On: Linux // Dist (Bugtraq 2)
Vendor Status: I told them and I am waiting for the answer.

PoC:
- Using this vulnerability, we can inject JavaScript code. To test it, you must first log in to the router configuration; once logged in, you can test the XSS like this:

* http://routerip/webfig/#"><script>alert("XSSED By Nassim Asrir");</script>

Credits:
Vulnerability discovered by Nassim Asrir - <wassline@gmail.com>
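
The PoC carries its payload in the URL fragment, which the browser does not send to the server, so the fix belongs in the client-side code that reads `location.hash`. The example below is added here and is not MikroTik's code; the advisory does not say how WebFig processes the fragment, so it assumes a page script that copies the fragment into an attribute, and shows that pattern beside a hardened version. All function names and the route character set are hypothetical.

```javascript
// Added illustration, not WebFig source. Assumption: a page script copies the
// URL fragment (location.hash) into markup. All function names are hypothetical.

// Fragment from the advisory's PoC URL (browsers may percent-encode parts of it).
const POC_HASH = '#"><script>alert("XSSED By Nassim Asrir");</script>';

// Vulnerable pattern: the fragment is concatenated into an attribute value, so a
// leading `">` closes the attribute and the tag, and the rest parses as markup.
function renderVulnerable(hash) {
  return '<a class="crumb" href="' + hash + '">current page</a>';
}

// Encode the five characters that can end an attribute value or start a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Treat the fragment as a route name: percent-decode it, then accept only a
// conservative character set (constructed for this example). Null if rejected.
function parseRoute(hash) {
  let route;
  try {
    route = decodeURIComponent(String(hash).replace(/^#/, ''));
  } catch (e) {
    return null; // malformed percent-encoding
  }
  return /^[A-Za-z0-9 _.:\/-]{0,64}$/.test(route) ? route : null;
}

// Hardened pattern: validate first, then encode at the point of output.
function renderSafe(hash) {
  const route = parseRoute(hash);
  if (route === null) return '<a class="crumb" href="#">current page</a>';
  return '<a class="crumb" href="#' + escapeHtml(route) + '">current page</a>';
}
```

Decoding before validation matters because the same payload can arrive percent-encoded; validating the raw string alone would let `%22%3E` through to any later code that decodes it.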

 
