CVE-2021-31250 PoC — CHIYU Technology BF-630W 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-31250.yaml

Associated Vulnerability

Title:CHIYU Technology BF-630W 跨站脚本漏洞 (CVE-2021-31250)
Description:Chiyu CHIYU BF-430等都是中国台湾七友科技（Chiyu）公司的一款为门禁、考勤系统等设备提供通讯的联网服务器。 CHIYU 多款产品存在跨站脚本漏洞，该漏洞源于CHIYU科技的一些物联网设备中存在未经认证的XSS漏洞，包括BF-630、BF-450M、BF-430、BF-431、BF631-W、BF830-W、Webpass、bf - min - w和SEMAC，原因是在生成HTTP 404消息时缺乏消毒。攻击者可利用该漏洞执行客户端代码。

Description

CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.

File Snapshot


 id: CVE-2021-31250

info:
  name: CHIYU TCP/IP Converter - Cross-Site Scripting
  author: geeknik
  

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!