Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-6477 PoC — Nordex Control 2 Wind Farm Portal应用程序跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2015/CVE-2015-6477.yaml
Associated Vulnerability
Title:Nordex Control 2 Wind Farm Portal应用程序跨站脚本漏洞 (CVE-2015-6477)
Description:Nordex NC2(又名Nordex Control 2)是德国Nordex公司的一套用于风电行业的SCADA(数据采集与监视控制)系统。Wind Farm Portal是一套基于该系统的风机控制门户。 Nordex NC2 SCADA 16及之前版本的Wind Farm Portal应用程序中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意Web脚本或HTML。
Description
Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
File Snapshot

 id: CVE-2015-6477

info:
  name: Nordex NC2  - Cross-Site Scripting
  author: geeknik
  severity: me

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.