While doing recon in Shodan, I found that the Geovision GeoHttpServer script is vulnerable to Cross-Site Scripting (XSS). I don't know which versions are vulnerable.
By using the POST method I was able to execute an XSS payload. I have checked on cvedetails, in this one and this one, and there is no XSS vuln listed for this script before. I can't submit XSS vulns to Exploit-DB any more, so I just blog it. Here are the details.
Vulnerable URL: http://localhost/hint_password
Vulnerable parameter: id
XSS payload: \"-confirm(1) //"
Open the vulnerable target in Firefox (I found this vulnerable IP address: http://73.50.116.33) and click Forget Password.
Input any user in the ID box. I used the ID terserah.
Use the Hackbar plugin and you'll see the POST data like this: id=terserah&OK=OK
Put the XSS payload after the terserah ID, so it looks like this: id=terserah\"-alert(document.location) //"&OK=OK, then click Execute. You'll see a pop-up showing the document location.
Happy hunting!
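For anyone fixing this class of bug: the sketch below is an added example, not GeoHttpServer code and not from the author. It assumes the posted id is echoed into a double-quoted JavaScript string and that only the quote character is escaped, which the backslash-quote shape of the payload suggests but the post does not confirm. It compares that weak escaping with a full JavaScript-string encoder and a hypothetical allowlist for the ID field; all function names are illustrative.

```javascript
// Added example. The reflection context is an ASSUMPTION: the posted `id` is
// echoed into a double-quoted JavaScript string in the response page.

// Assumed weak behaviour: only the double quote is backslash-escaped.
function weakEscape(value) {
  return value.replace(/"/g, '\\"');
}

// Hardened: every UTF-16 code unit outside [A-Za-z0-9] becomes \uXXXX, so the
// value cannot contain a quote, backslash, "<" or line terminator.
function jsStringEscape(value) {
  let out = '';
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    out += /[A-Za-z0-9]/.test(ch)
      ? ch
      : '\\u' + value.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

// Walks text as the body of a "..." literal; true if a quote that is not
// consumed by a preceding backslash ends the literal early.
function closesString(body) {
  for (let i = 0; i < body.length; i++) {
    if (body[i] === '\\') i++;          // backslash consumes the next character
    else if (body[i] === '"') return true;
  }
  return false;
}

// Hypothetical allowlist for the login ID, applied before any reflection.
function isValidId(value) {
  return /^[A-Za-z0-9_.-]{1,32}$/.test(value);
}

// The id value from the post's POST body, used here as test input.
const posted = 'terserah\\"-alert(document.location) //"';

function demo() {
  return {
    weak: closesString(weakEscape(posted)),         // true: literal ends early
    hardened: closesString(jsStringEscape(posted)), // false: stays inside it
    accepted: isValidId(posted),                    // false: rejected up front
  };
}
console.log(demo());
```

With quote-only escaping the submitted backslash pairs with the one the escaper adds, leaving the quote free to end the string; the full encoder and the allowlist each stop that independently.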