CVE-2017-16567 PoC — Logitech Media Server 跨站脚本漏洞

Source

https://github.com/dewankpant/CVE-2017-16567

Associated Vulnerability

Title:Logitech Media Server 跨站脚本漏洞 (CVE-2017-16567)
Description:Logitech Media Server是美国罗技（Logitech）公司的一款音频播放软件。 Logitech Media Server 7.9.0版本中存在跨站脚本漏洞。远程攻击者可借助‘favorite’标签利用该漏洞注入任意的Web脚本或HTML。

Readme

# CVE-2017-16567

1. Exploit Title: Logitech Media Server : Persistent Cross Site Scripting(XSS)
2. Shodan Dork: Search Logitech Media Server
3. Date: 11/03/2017
4. Exploit Author: Dewank Pant
5. Vendor Homepage: www.logitech.com
6. Version: 7.9.0
7. Tested on: Windows 10, Linux

 
 
 
POC:
 
1. Access and go to the favorites tab and add a new favorite.
2. Add script as the value of the field.
3. Payload : <script> alert(1)</script>
4. Script saved and gives a pop-up to user every time they access that page.

File Snapshot


 [4.0K]  /data/pocs/1638573db402567296185c336c9ce60b39c61ef8
└── [ 515]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!