ID
VAR-E-202208-0063
TITLE
Fiberhome AN5506-02-B Cross Site Scripting
Trust: 0.5
sources:
PACKETSTORM: 168065
DESCRIPTION
Fiberhome AN5506-02-B with firmware version RP2521 suffers from a persistent cross site scripting vulnerability.
Trust: 0.5
sources:
PACKETSTORM: 168065
AFFECTED PRODUCTS
| vendor: | fiberhome | model: | an5506-02-b | scope: | - | version: | - | Trust: 0.5 |
sources:
PACKETSTORM: 168065
EXPLOIT
# Exploit Title: FiberHome - AN5506-02-B - RP2521 - Authenticated Stored XSS
# Date: 10/08/2022
# Exploit Author: Leonardo Goncalves
# Version: Firmware RP2521
1) Log in the equipment via your web browser
2) Go to Network > auth_settings
3) In the "sncfg_loid" inject the payload "<script>alert()</script>"
4) Click Save
5) Exploit!
Trust: 0.5
sources:
PACKETSTORM: 168065
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
sources:
PACKETSTORM: 168065
PRICE
free
Trust: 0.5
sources:
PACKETSTORM: 168065
TYPE
xss
Trust: 0.5
sources:
PACKETSTORM: 168065
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
sources:
PACKETSTORM: 168065
CREDITS
Leonardo Goncalves
Trust: 0.5
sources:
PACKETSTORM: 168065
EXTERNAL IDS
| db: | PACKETSTORM | id: | 168065 | Trust: 0.5 |
sources:
PACKETSTORM: 168065
SOURCES
| db: | PACKETSTORM | id: | 168065 |
LAST UPDATE DATE
2022-11-23T14:45:32.706000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 168065 | date: | 2022-08-11T15:45:20 |