Reflected HTML Injection

vendor:

by:

Ramikan

6.1

CVSS

MEDIUM

Reflected HTML Injection

CWE

Product Name:

Affected Version From: cs121-SNMP v4.54.82.130611

Affected Version To: cs121-SNMP v4.54.82.130611

Patch Exists: NO

Related CWE: CVE-2019-10887

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2015

This vulnerability allows an attacker to inject HTML code into a website, which can lead to various attacks such as cross-site scripting (XSS). The vulnerability can be exploited by manipulating the 'log', 'name', or 'data' parameters in the affected URLs. An example payload for this exploit is '<h1>HTML Injection</h1>'.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and validate it before displaying it on the website. Implementing a web application firewall (WAF) can also help in detecting and blocking such attacks.

Source

Exploit-DB raw data:

# Exploit Title: Reflected HTML Injection
# Google Dork: None
# Date: 16/12/2015
# Exploit Author: Ramikan
# Vendor Homepage:https://www.salicru.com/en/
# Software Link: N/A
# Version: Tested on SaLICru -SLC-20-cube3(5).
# Firmware: cs121-SNMP v4.54.82.130611
# CVE : CVE-2019-10887
# Category:Web Apps


Vulnerability: Reflected HTML Injection
Vendor Web site: 
Version tested:cs121-SNMP v4.54.82.130611 
Solution: N/A
Note:Default credential:admin/admin or admin/cs121-snmp
Victim need to be authenticated in order to get affected by this.


Vulnerability 1:Refelected HTML Injection

Affected URL:

/DataLog.csv?log=
/AlarmLog.csv?log=
/waitlog.cgi?name=
/chart.shtml?data=
/createlog.cgi?name=

Affected Parameter: log, name, data

Payload: <h1>HTML Injection</h1>