MikroTik RouterOS version 6.36.2 suffers from a cross site scripting vulnerability.
574ec10eda68efe29907bd928181fa09546feacfc51f2df9f2838424e1afe544Title: RouterOS v6.36.2 - Cross Site Scripting
Type: Local/Remote
Author: Nassim Asrir
Author Company: HenceForth
Risk: (3/5)
Release Date: 11.11.2016
Summary:
MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. It can also be installed on a PC and will turn it into a router with all the necessary features - routing, firewall,
bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.
Vendor:
http://www.mikrotik.com/
Affected Version:
v6.36.2
Tested On:
Linux // Dist (Bugtraq 2)
Vendor Status:
I told them and i wait for the answer.
PoC:
-Using this Vulnerability we can inject a javascript code but to test this vulnerability you must to login in the router Configurations and when you login then you can test the XSS like this:
* http://routerip/webfig/#"><script>alert("XSSED By Nassim Asrir");</script>
Credits:
Vulnerability discovered by Nassim Asrir - <wassline@gmail.com>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed