Vendor: Solar-Log 200
By: Vincent McRae, Mesut Cetin
CVSS: 4.1 (MEDIUM)
Type: Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Solar-Log 200
Affected Version From: Solar-Log 200 PM+ 3.6.0 Build 99
Affected Version To: Solar-Log 200 PM+ 3.6.0 Build 99
Patch Exists: NO
Related CWE: CVE-2023-46344
CPE: a:solar-log:solar-log_200:3.6.0
Platforms Tested: Proprietary devices
2023

Stored XSS in Solar-Log 200 3.6.0 Web Panel

The Solar-Log 200 PM+ 3.6.0 Build 99 web panel is vulnerable to stored cross-site scripting (XSS) due to improper input validation. An attacker can inject malicious code into the 'name' field, which triggers an XSS payload when a privileged user hovers over the manipulated content, leading to potential cookie theft.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user inputs and encode special characters to prevent XSS attacks. Regular security assessments and code reviews can also help identify and address such vulnerabilities.
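
The two controls named above (validate the input, encode on output), as an added example that is not Solar-Log firmware code or code from the advisory authors. All function names, the span markup and the name policy are assumptions; the second sample value is the 'name' string from the proof of concept on this page.

```javascript
// Added example: hypothetical helpers, not vendor code.

// Characters that let a text value break out into markup or an attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding: apply every time a stored value is written into HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation (assumed policy): letters, digits, space, . _ - and 1-32 chars.
const NAME_POLICY = /^[\p{L}\p{N} ._-]{1,32}$/u;
function validateName(name) {
  return typeof name === 'string' && NAME_POLICY.test(name);
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged.
function renderLabelUnsafe(name) {
  return '<span class="device">' + name + '</span>';
}

// Hardened pattern: same markup, value encoded at the output boundary.
function renderLabelSafe(name) {
  return '<span class="device">' + escapeHtml(name) + '</span>';
}

// Audit helper: list already-stored names that fail the policy, so entries
// saved before validation existed can be found and reviewed.
function auditStoredNames(names) {
  return names.filter((n) => !validateName(n));
}

// Constructed sample data; the second entry is the PoC string from this page.
const storedNames = [
  'Heat pump 1',
  '<xss onmouseenter="alert(document.cookie)" style=display:block>test</xss>',
];

for (const n of storedNames) {
  console.log(validateName(n) ? 'ok    ' : 'REJECT', renderLabelSafe(n));
}
console.log('needs review:', auditStoredNames(storedNames).length);
```

Encoding at output is the control that neutralises values already stored on the device; validation on write only stops new ones.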

Exploit-DB raw data:

# Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel
# Date: 10-30-23
# Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security
# Vendor Homepage: https://www.solar-log.com/en/
# Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019
# Tested on: Proprietary devices: https://www.solar-log.com/en/support/firmware/
# CVE: CVE-2023-46344

# POC:

1. Go to solar panel
2. Go to configuration -> Smart Energy -> "drag & drop" button.
3. Change "name" to: <xss onmouseenter="alert(document.cookie)" style=display:block>test</xss>
4. Once you hover over "test", you get XSS -> if a higher privileged user hovers over it, we can get their cookies.