Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities.
b1bfdb8ccec705460c6f34a4c22e3f5d8cbb7d14f586b50b59fe43c388abf285# Exploit Title: Logitech Media Server : Persistent Cross Site Scripting(XSS)
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Software Link: [download link if available]
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.
POC:
Access and go to the favorites tab and add a new favorite.
Add script as the value of the field.
Payload : <script> alert(1)</script>
Script saved and gives a pop-up to user every time they access that page.
Therefore, Persistent XSS.
# Exploit Title: Logitech Media Server : HTML code injection and execution.
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.
POC:
1. Access and go to the Radio URL tab and add a new URL.
2. Add script as the value of the field.
3. Payload : <script> alert(1)</script>
4. Script saved and gives an image msg with a javascript execution on image click.
5. Therefore, Persistent XSS.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed