XSS in BDCOM OLT P3310D-2AC

VolkNwn

Device Type: P3310D

BIOS Version: 0.4.2

Firmware Version: 10.1.0F Build 69083


Cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows remote attackers to inject arbitrary web script or HTML via the login parameter.




Steps to Reproduce:

1. Connect to the device via telnet.

2. Use a payload as your username.

Example: <script>alert('XSS');</script>

3. Go to the Log Query page.
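
The steps above imply that the login name is written to the device log and later rendered on the Log Query page without output encoding. The C sketch below is an added example, not BDCOM firmware code and not part of the original report; it shows the HTML-encoding step a log viewer needs before emitting a logged username. The function names html_escape and render_log_row and the row text are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* HTML-escape src into dst (cap bytes, NUL included). Returns the length
 * written, or -1 if dst is too small (dst is then left empty). */
int html_escape(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = strlen(rep);
        if (n + len >= cap) { dst[0] = '\0'; return -1; }
        memcpy(dst + n, rep, len);
        n += len;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Build one row of a log table. The row text is constructed for this
 * example; it is not the device's real log format. */
int render_log_row(const char *user, char *out, size_t cap)
{
    char safe[256];
    if (html_escape(user, safe, sizeof safe) < 0) return -1;
    int w = snprintf(out, cap, "<tr><td>login user: %s</td></tr>", safe);
    return (w < 0 || (size_t)w >= cap) ? -1 : 0;
}

int main(void)
{
    char row[512];
    /* Username taken from the reproduction steps above. */
    if (render_log_row("<script>alert('XSS');</script>", row, sizeof row) == 0)
        puts(row);
    return 0;
}
```

Encoding at render time keeps the raw username intact in the stored log for forensics while the browser receives only inert text.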



Info:


https://t.me/volknwn

