SkullSec


CVE-2020-12262

XSS Intelbras TIP 200 / TIP 200 LITE / TIP 300

PoC:

Description:

> Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15
> devices allow /cgi-bin/cgiServer.exx?page= XSS.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> Intelbras
>
> ------------------------------------------
>
> [Affected Product Code Base]
> TIP300 - 65.61.75.15
> TIP200/200LITE - 60.61.75.15
>
> ------------------------------------------
>
> [Affected Component]
> CGI file parameter
> EX: /cgi-bin/cgiServer.exx?page= XSS
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> http://host/cgi-bin/cgiServer.exx?page=<script>alert('SkullSec')</script>
>
> ------------------------------------------
>
> [Discoverer]
> Lucas Souza
>
> ------------------------------------------
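
A defender-side check for the request pattern in this advisory, added here as an example and not part of the original advisory or of any Intelbras code. It assumes combined-format access logs from a proxy or gateway in front of the phones and that legitimate `page` values are plain file names; the log lines, the `Status.htm` name and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate page value is a plain file name (letters, digits, . _ - /).
SAFE_PAGE = re.compile(r"^[A-Za-z0-9._/-]*$")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_PATH = "/cgi-bin/cgiserver.exx"  # compared case-insensitively

# Constructed sample log lines (documentation IP range, hypothetical page name).
SAMPLE_LOG = """\
192.0.2.10 - - [01/May/2020:10:00:00 +0000] "GET /cgi-bin/cgiServer.exx?page=Status.htm HTTP/1.1" 200 512
192.0.2.11 - - [01/May/2020:10:00:05 +0000] "GET /cgi-bin/cgiServer.exx?page=%3Cscript%3Ealert('SkullSec')%3C/script%3E HTTP/1.1" 200 300
192.0.2.12 - - [01/May/2020:10:00:09 +0000] "GET /cgi-bin/cgiServer.exx?page=<script>alert('SkullSec')</script> HTTP/1.1" 200 300
192.0.2.13 - - [01/May/2020:10:00:12 +0000] "GET /index.htm?page=%3Cb%3E HTTP/1.1" 404 0
""".splitlines()


def suspicious_page_requests(log_lines):
    """Return (line_number, client, decoded_page) for cgiServer.exx requests
    whose page parameter contains anything outside the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we understand
        url = urlsplit(match.group(1))
        if url.path.lower() != TARGET_PATH:
            continue  # only the component named in the advisory
        client = line.split()[0]
        # parse_qs percent-decodes, so encoded and raw markup look the same here.
        for value in parse_qs(url.query, keep_blank_values=True).get("page", []):
            if not SAFE_PAGE.match(value):
                hits.append((number, client, value))
    return hits


if __name__ == "__main__":
    for number, client, value in suspicious_page_requests(SAMPLE_LOG):
        print(f"line {number}: {client} sent page={value!r}")
```

The allowlist should be tightened to the page names actually observed on the deployed firmware before the check is used for alerting.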