CVE-2022-24654 PoC — IIntelbras ATA 200 跨站脚本漏洞

Source

https://github.com/leonardobg/CVE-2022-24654

Associated Vulnerability

Title:IIntelbras ATA 200 跨站脚本漏洞 (CVE-2022-24654)
Description:Intelbras ATA 200是巴西Intelbras公司的一款用于模拟电话的 VOIP 线路适配器。旨在集成在电话系统之间。 Intelbras ATA 200 74.19.10.21版本存在安全漏洞，该漏洞源于“Field Server Address”字段中存储跨站点脚本。攻击者利用该漏洞通过特制的有效载荷注入 JavaScript 代码。

Description

PoC for CVE-2022-24654

Readme

# CVE-2022-24654

PoC of CVE-2022-24654 - INTELBRAS ATA 200 Firmware 74.19.10.21

## Authenticated stored Cross Site Scripting


## Steps to Reproduce:

1. Log in the equipment via your web browser
2. Go to Management > Syslog
3. In the "Field Server Address" inject the payload "-prompt("XSS")-"
4. Click Save
5. Exploit!

File Snapshot


 [4.0K]  /data/pocs/37fd01c5bcda01e271c00654f15c1a0f21d1afc8
└── [ 323]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!