Logitech Media Server 7.9.0 Cross Site Scripting
Posted on 07 November 2017
# Exploit Title: Logitech Media Server : Persistent Cross Site Scripting(XSS)
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Software Link: [download link if available]
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.

POC:
Access and go to the favorites tab and add a new favorite.
Add script as the value of the field.
Payload : <script> alert(1)</script>
Script saved and gives a pop-up to user every time they access that page.
Therefore, Persistent XSS.

# Exploit Title: Logitech Media Server : HTML code injection and execution.
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.

POC:
1. Access and go to the Radio URL tab and add a new URL.
2. Add script as the value of the field.
3. Payload : <script> alert(1)</script>
4. Script saved and gives an image msg with a javascript execution on image click.
5. Therefore, Persistent XSS.
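
Mitigation sketch for both findings above, as an added example that is not part of the original advisory and is not Logitech Media Server code: stored favorite and radio URL values are HTML-encoded when rendered, and URL fields are limited to absolute http/https URLs. The function names, the markup and the sample entries are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical helpers, not Logitech Media Server code.

// Characters that change meaning in HTML text or quoted attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value so the browser treats it as text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs; returns the normalized URL or null.
function safeStreamUrl(value) {
  let parsed;
  try {
    parsed = new URL(String(value).trim());
  } catch (err) {
    return null; // not an absolute URL, e.g. raw markup typed into the field
  }
  return parsed.protocol === 'http:' || parsed.protocol === 'https:' ? parsed.href : null;
}

// Render one saved entry. A rejected URL is dropped; the title is always encoded.
function renderFavorite(entry) {
  const title = escapeHtml(entry.title);
  const url = safeStreamUrl(entry.url);
  if (url === null) {
    return `<li class="favorite invalid">${title} (invalid URL rejected)</li>`;
  }
  return `<li class="favorite"><a href="${escapeHtml(url)}">${title}</a></li>`;
}

function renderAll(entries) {
  return entries.map(renderFavorite).join('\n');
}

// Constructed sample data; PAYLOAD is the test string quoted in the advisory.
const PAYLOAD = '<script> alert(1)</script>';
const SAMPLE_ENTRIES = [
  { title: 'Morning Jazz', url: 'http://radio.example/stream.mp3' },
  { title: PAYLOAD, url: 'http://radio.example/stream.mp3' }, // favorites field case
  { title: 'Radio entry', url: PAYLOAD },                      // Radio URL field case
  { title: 'Wrong scheme', url: 'ftp://radio.example/stream' },
];

console.log(renderAll(SAMPLE_ENTRIES));
```

Encoding at render time covers values already saved before the fix, while the URL check stops new non-URL values from being stored in the Radio URL field.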