#; NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Stored XSS Vulnera

1. Full title NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Stored XSS Vulnerability
2. Date add 2014-05-02
3. Category web applications
4. Platform hardware
5. Risk <font color="#FFFF00">Security Risk Medium</font>
6. ===============================
7.  
8. # Exploit Title: Stored XSS Vulnerability in NETGEAR DGN2200 Web interface
9.  
10. # Date 30/04/2014
11.  
12. # Exploit author: Dolev Farhi @f1nhack
13.  
14. # Vendor homepage: http://netgear.com
15.  
16. # Affected Firmware version: 1.0.0.29_1.7.29_HotS
17.  
18. # Affected Hardware: NETGEAR DGN2200 Wireless ADSL Router
19.  
20.  
21.  
22.  
23. Summary
24. =======
25. NETGEAR DGN2200 ADSL router web interface suffers from persistent XSS vulnerability in the QoS(Quality of Service) Administration page under 'Expert Mode'.
26.  
27.  
28.  
29. Vulnerability Description
30. =========================
31. Persistent Cross Site Scripting
32.  
33.  
34.  
35. Steps to reproduce / PoC:
36. =========================
37. 1. Login to the router web interface
38.  
39. 2. Enter expert mode
40.  
41. 3. navigate to QoS page
42.  
43. 4. Add QoS Rule, or Edit an existing one.
44.  
45. 5. in "QoS Policy for: " Enter the following: <script>alert("XSS")</script> and click apply.
46.  
47. 6. go to another page and navigate back into QoS - the XSS error pops up.
48. - PoC Video: https://www.youtube.com/watch?v=xxjluF2RR70