Cross-Site Scripting in Geovision GeoHttpServer
By using POST method i was able to execute XSS payload. I have check on cvedetails in this one and this one and there is no XSS vuln on this script before. Can’t submit XSS vuln in Exploit-DB any more so i just blog it. Here is the details.
Vulnerable URL: http://localhost/hint_password
Vulnerable parameter: id
XSS payload: \”-confirm(1) //”
Open vulnerable target in Firefox. I found this IP address who vulnerable http://220.127.116.11 and click Forget Password.
Input any user in ID box. I use ID terserah.
Use Hackbar plugin and you’ll see the POST data like this id=terserah&OK=OK
Put the XSS payload behind terserah ID. Looks like this id=terserah\”-alert(document.location) //”&OK=OK and click Execute. You’ll see document location pop-up.