Vendor: Solar-Log 200 PM+
By: Vincent McRae, Mesut Cetin
CVSS: 4.1 (MEDIUM)
CWE: 79, Cross-Site Scripting (XSS)
Product Name: Solar-Log 200 PM+
Affected Version From: Solar-Log 200 PM+ 3.6.0 Build 99
Affected Version To: Solar-Log 200 PM+ 3.6.0 Build 99
Patch Exists: NO
Related CVE: CVE-2023-46344
CPE: a:solar-log:solar-log_200:3.6.0
Platforms Tested: Proprietary devices
2023

Stored Cross-Site Scripting in Solar-Log 200 3.6.0 Web Panel

The Solar-Log 200 PM+ 3.6.0 Build 99 web panel is vulnerable to stored cross-site scripting (XSS) due to improper input validation. By inserting malicious code into the 'name' field under the Smart Energy configuration, an attacker can execute arbitrary scripts in the context of an authenticated user's session, potentially leading to cookie theft.

Mitigation:

To mitigate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being processed by the application. Regular security assessments and code reviews can help identify and address such issues.

Exploit-DB raw data:

# Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel
# Date: 10-30-23
# Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security
# Vendor Homepage: https://www.solar-log.com/en/
# Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019
# Tested on: Proprietary devices: https://www.solar-log.com/en/support/firmware/
# CVE: CVE-2023-46344

# POC:

1. Go to solar panel
2. Go to configuration -> Smart Energy -> "drag & drop" button.
3. Change "name" to: <xss onmouseenter="alert(document.cookie)" style=display:block>test</xss>
4. Once you hover over "test", you get XSS -> if a higher privileged user hovers over it, we can get their cookies.
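
The mitigation described above, as an added example that is not Solar-Log firmware code and not part of the original advisory: the "name" value is checked against an allowlist when it is saved and HTML-encoded when it is rendered, with the unencoded rendering shown beside it for comparison. The function names, the `profile-name` markup and the 32-character name policy are assumptions made for illustration.

```javascript
// Added example; names, markup and the name policy are assumptions,
// not code from the Solar-Log web panel.

// Input side: allowlist for a stored name (assumed policy: letters,
// digits, space and . _ - with a length of 1 to 32 characters).
const NAME_POLICY = /^[\p{L}\p{N} ._-]{1,32}$/u;

function validateName(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  const name = raw.normalize("NFKC").trim();
  if (!NAME_POLICY.test(name)) {
    return { ok: false, reason: "disallowed characters or length" };
  }
  return { ok: true, value: name };
}

// Output side: encode for an HTML text or quoted-attribute context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is.
function renderNameUnsafe(storedName) {
  return `<span class="profile-name">${storedName}</span>`;
}

// Hardened pattern: same markup, stored value encoded at output time.
function renderNameSafe(storedName) {
  return `<span class="profile-name">${escapeHtml(storedName)}</span>`;
}

// The "name" value from step 3 of the PoC on this page.
const POC_NAME = '<xss onmouseenter="alert(document.cookie)" style=display:block>test</xss>';

function demo() {
  return {
    rejectedOnInput: !validateName(POC_NAME).ok,
    acceptedBenign: validateName("Heat pump 1").ok,
    unsafeHtml: renderNameUnsafe(POC_NAME),
    safeHtml: renderNameSafe(POC_NAME),
  };
}

console.log(demo());
```

Output encoding is the control that closes this class of bug, since it also covers values already stored before any input check existed; the allowlist is defence in depth.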