Real Time Automation 460MCBS 5.2.14 Cross Site Scripting ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[11] Download^[12]

        Exploit Title:  Real Time Automation 460MCBS Cross Site Scripting (XSS)
Date: 2023-03-09
Exploit Author: Yehia Elghaly
Vendor Homepage: https://www.rtautomation.com/
Software Link: https://www.rtautomation.com/product/460mcbs/
Version: Revision 5.2.14
Tested on: Real Time Automation 
CVE: N/A
Summary: The Real Time Automation  460MCBS moves data between up to 32 Modbus TCP Servers and a BACnet/IP Building Automation System (BAS). It’s a perfect tool to tie Modbus TCP power meters, boilers, chillers and other devices into your BACnet/IP Building Automation System
Description: The attacker can able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.: XSS found on when insert a payload after(/)
Payload: ?c12yy<script>alert('XSSYF')</script>p1ax8=1
[Affected Component]
(/)

• Follow us on Twitter^[15]
• Follow us on Facebook^[16]
• Subscribe to an RSS Feed^[17]

File Tags

• ActiveX^[18] (932)
• Advisory^[19] (80,453)
• Arbitrary^[20] (15,882)
• BBS^[21] (2,859)
• Bypass^[22] (1,647)
• CGI^[23] (1,020)
• Code Execution^[24] (7,020)
• Conference^[25] (675)
• Cracker^[26] (840)
• CSRF^[27] (3,304)
• DoS^[28] (22,880)
• Encryption^[29] (2,357)
• Exploit^[30] (50,617)
• File Inclusion^[31] (4,177)
• File Upload^[32] (950)
• Firewall^[33] (821)
• Info Disclosure^[34] (2,681)
• Intrusion Detection^[35] (876)
• Java^[36] (2,954)
• JavaScript^[37] (829)
• Kernel^[38] (6,425)
• Local^[39] (14,280)
• Magazine^[40] (586)
• Overflow^[41] (12,520)
• Perl^[42] (1,419)
• PHP^[43] (5,108)
• Proof of Concept^[44] (2,295)
• Protocol^[45] (3,479)
• Python^[46] (1,484)
• Remote^[47] (30,235)
• Root^[48] (3,528)
• Rootkit^[49] (502)
• Ruby^[50] (600)
• Scanner^[51] (1,633)
• Security Tool^[52] (7,818)
• Shell^[53] (3,125)
• Shellcode^[54] (1,206)
• Sniffer^[55] (890)
• Spoof^[56] (2,179)
• SQL Injection^[57] (16,158)
• TCP^[58] (2,383)
• Trojan^[59] (687)
• UDP^[60] (880)
• Virus^[61] (663)
• Vulnerability^[62] (31,340)
• Web^[63] (9,447)
• Whitepaper^[64] (3,738)
• x86^[65] (946)
• XSS^[66] (17,557)
• Other^[67]

File Archives

• March 2023^[68]
• February 2023^[69]
• January 2023^[70]
• December 2022^[71]
• November 2022^[72]
• October 2022^[73]
• September 2022^[74]
• August 2022^[75]
• July 2022^[76]
• June 2022^[77]
• May 2022^[78]
• April 2022^[79]
• Older^[80]

Systems

• AIX^[81] (426)
• Apple^[82] (1,950)
• BSD^[83] (370)
• CentOS^[84] (55)
• Cisco^[85] (1,918)
• Debian^[86] (6,704)
• Fedora^[87] (1,690)
• FreeBSD^[88] (1,242)
• Gentoo^[89] (4,288)
• HPUX^[90] (878)
• iOS^[91] (338)
• iPhone^[92] (108)
• IRIX^[93] (220)
• Juniper^[94] (67)
• Linux^[95] (44,991)
• Mac OS X^[96] (684)
• Mandriva^[97] (3,105)
• NetBSD^[98] (256)
• OpenBSD^[99] (481)
• RedHat^[100] (12,844)
• Slackware^[101] (941)
• Solaris^[102] (1,609)
• SUSE^[103] (1,444)
• Ubuntu^[104] (8,401)
• UNIX^[105] (9,202)
• UnixWare^[106] (185)
• Windows^[107] (6,529)
• Other^[108]

© 2022 Packet Storm. All rights reserved.