CVE-2015-1028
D-Link DSL-2730B Firmware GE_1.01 - Authenticated Cross-Site Scripting via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2015-1028. PoCs published by XLabs Security.
AI-analyzed exploit summary This Perl script exploits a stored XSS vulnerability in D-Link DSL-2730B modems by injecting malicious payloads into the wlsecrefresh.wl and wlsecurity.wl endpoints. It requires authentication and allows the attacker to execute arbitrary JavaScript in the context of the modem's web interface.
Description
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
Exploits (3)
This Perl script exploits a stored XSS vulnerability in D-Link DSL-2730B modems by injecting malicious payloads into the wlsecrefresh.wl and wlsecurity.wl endpoints. It requires authentication and allows the attacker to execute arbitrary JavaScript in the context of the modem's web interface.
This Perl script exploits a stored XSS vulnerability in D-Link DSL-2730B modems by injecting a malicious payload into the dnsProxy.cmd endpoint. It authenticates with provided credentials, retrieves a session key, and then submits the XSS payload to trigger the vulnerability.
This Perl script exploits a stored XSS vulnerability in D-Link DSL-2730B modems via the lancfg2get.cgi endpoint. It injects a malicious payload into the brName parameter, which is then reflected in the lancfg2.html page.