Stored XSS on TP-Link WR740N
TP-Link WR740N suffers from a few stored XSS vulnerabilities.
This is a PoC demonstrating that it is possible to inject script tags into the MAC description field, which leads to stored XSS.
Go to “Wireless MAC Filtering”:
Add new MAC Address filtering with the following fields:
Notice the strange array on top of the page:
Add a new MAC Address filtering but this time with the following:
This is a PoC demonstrating that it is possible to inject script tags into the Access Control target description field, which leads to stored XSS.
Send the following first request to the website:
Send the following second request to the website:
Check Access Control – Target tab:
TP-Link was contacted regarding these vulnerabilities. They said that the product has reached end of life, so no mitigation will be made to the router.
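Both PoCs rely on a stored description being written back into the admin page without encoding. The following is an added example, not code from the original post or from TP-Link firmware: it shows the output encoding and input validation that close this class of bug, assuming the description is emitted into an inline JavaScript array (as the "strange array" step suggests). The function names, the `macList` variable, the MAC format and the sample entries are hypothetical.

```javascript
// Added example: names and page layout are assumptions, not TP-Link firmware code.

// Naive rendering: the stored description is pasted straight into an inline
// <script> array, so markup inside it is parsed by the browser as HTML.
function renderNaive(entries) {
  const cells = entries.map(e => `"${e.mac}", "${e.description}"`).join(",\n");
  return `<script>var macList = new Array(\n${cells}\n);</script>`;
}

// Encode a value for a JavaScript string literal that lives inside an HTML
// <script> block. JSON.stringify handles quotes, backslashes and control
// characters; the extra pass escapes characters the HTML parser reacts to.
function jsStringForScriptBlock(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, ch =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hardened rendering: every stored value goes through the encoder.
function renderHardened(entries) {
  const cells = entries
    .map(e => `${jsStringForScriptBlock(e.mac)}, ${jsStringForScriptBlock(e.description)}`)
    .join(",\n");
  return `<script>var macList = new Array(\n${cells}\n);</script>`;
}

// Server-side input check: accept only a strict MAC format and a short
// description limited to a conservative character set.
function validateEntry(entry) {
  const macOk = /^([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$/.test(entry.mac);
  const descOk = /^[\w .-]{0,32}$/.test(entry.description);
  return macOk && descOk;
}

// Constructed sample entries (not taken from the original post).
const samples = [
  { mac: "00-11-22-33-44-55", description: "office laptop" },
  { mac: "00-11-22-33-44-66", description: "<script>alert(1)</script>" },
];
```

Validation rejects the second entry before it is stored, and the encoder keeps the page safe even if such a value is already in the configuration.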