CVE-2017-16568 PoC — Logitech Media Server 跨站脚本漏洞

Source

https://github.com/dewankpant/CVE-2017-16568

Associated Vulnerability

Title:Logitech Media Server 跨站脚本漏洞 (CVE-2017-16568)
Description:Logitech Media Server是美国罗技（Logitech）公司的一款音频播放软件。 Logitech Media Server 7.9.0版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。

Readme

# CVE-2017-16568


 1. Exploit Title: Logitech Media Server : HTML code injection and execution.
 2. Shodan Dork: Search Logitech Media Server
 3. Date: 11/03/2017
 4. Exploit Author: Dewank Pant
 5. Vendor Homepage: www.logitech.com
 6. Version: 7.9.0
 7. Tested on: Windows 10, Linux

  
  
  
POC:
  
1. Access and go to the Radio URL tab and add a new URL.
2. Add script as the value of the field.
3. Payload : <script> alert(1)</script>
4. Script saved and gives an image msg with a javascript execution on image click.
5. Therefore, Persistent XSS.

File Snapshot


 [4.0K]  /data/pocs/81d79dbc1cc878bf4b5c727bfff130ab5249795d
└── [ 555]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!