Cross-Site Scripting in Geovision GeoHttpServer

While doing recon in Shodan, I found that the Geovision GeoHttpServer script is vulnerable to Cross-Site Scripting (XSS). I don’t know which versions are vulnerable to this.

By using the POST method I was able to execute an XSS payload. I have checked on cvedetails in this one and this one and there is no earlier XSS vuln for this script. Can’t submit XSS vulns to Exploit-DB any more, so I just blog it. Here are the details.

Vulnerable URL: http://localhost/hint_password

Vulnerable parameter: id

XSS payload: \"-confirm(1) //"

Open the vulnerable target in Firefox (I found this IP address, which is vulnerable) and click Forget Password.

Input any user in the ID box. I used the ID terserah.

Use the Hackbar plugin and you’ll see the POST data like this: id=terserah&OK=OK

Put the XSS payload after the terserah ID. It looks like this: id=terserah\"-alert(document.location) //"&OK=OK. Click Execute and you’ll see the document location pop-up.
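
Why a payload of this shape gets through, as an added example that is not from the original post or from Geovision: it assumes the server reflects id into an inline JavaScript string and escapes only double quotes (the post does not show the response), and compares that with a full string encoder. All function names are hypothetical.

```javascript
// Added example. ASSUMPTION: the server reflects `id` into an inline
// JavaScript string and escapes only double quotes. The post does not
// show the response, so this is a model, not GeoHttpServer's code.

// Weak encoder (hypothetical): escapes " but leaves \ untouched.
function naiveEscape(s) {
  return s.replace(/"/g, '\\"');
}

// Hardened encoder: JSON.stringify escapes \ and ", then characters that
// could end a <script> block or a source line are unicode-escaped.
function jsStringLiteral(s) {
  return JSON.stringify(s)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Render the (hypothetical) inline statement with either encoder.
function renderNaive(id) { return 'var id = "' + naiveEscape(id) + '";'; }
function renderSafe(id) { return 'var id = ' + jsStringLiteral(id) + ';'; }

// Walk the statement the way a JS tokenizer would and return whatever
// follows the first closed string literal. Anything besides ";" means
// the input left the string and would be parsed as code.
function codeAfterLiteral(stmt) {
  let i = stmt.indexOf('"') + 1;
  while (i < stmt.length && stmt[i] !== '"') {
    i += stmt[i] === '\\' ? 2 : 1; // a backslash consumes the next char
  }
  return stmt.slice(i + 1);
}

// Value from the post: the ID followed by the payload.
const posted = 'terserah\\"-confirm(1) //"';

console.log(renderNaive(posted), '=>', codeAfterLiteral(renderNaive(posted)));
console.log(renderSafe(posted), '=>', codeAfterLiteral(renderSafe(posted)));
```

In the weak case the payload's own backslash pairs with the one the encoder adds, so the quote that follows closes the string; the hardened encoder escapes the backslash as well and the value stays data.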

Happy hunting!
