TP-Link wireless router Archer C1200 – Cross-Site Scripting

Disclaimer: [This code is for Educational Purposes , I would Not be
responsible for any misuse of the information mentioned in this blog post]

Hello folks. An Input validation vulnerability was found in TP-Link Archer c1200 v1.0, which results in client side code execution.

[+] Unauthenticated

[+] Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU

[·] Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect an innocent victim to a malicious website, thus compromising the user.

[·] Reason: The remote webserver does not filter special characters or illegal input.

[+] Attack type: Remote

[+] Patch Status: Unpatched

[+] Exploitation:

[!] The Cross-site scripting vector can be executed, as illustrated below

http://hostname/webpages/data/_._.<img src=a onerror=alert(“Reflected-XSS”)>../..%2f

[-] Responsible Disclosure:

  • April, 2018 – Contacted TP-Link via their web based form
  • May, 2018 – No Reply yet
  • May 26, 2018 – Public Disclosure

ZyXEL P-660R-T1 V2 XSS Zeroday Vulnerability

I recently found a vulnerability in Zyxel P-660R T1 . Although the impact factor is quite low as it is an XSS (Cross site scripting) but still  a vulnerability is a vulnerability .

Xc0re Security Research Group

Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code]

Exploit:

VECTOR : http://IP/Forms/home_1?&HomeCurrent_Date=‘ XSS Vector ‘01%2F01%2F2000

This works with the post request too ! As by default this value is sent through POST request.

Author : Usman Saeed , Xc0re Security Research Group.