CVE-2018-6936 : D-Link DIR-600M Wireless – Cross-Site Scripting
CVE-2018-6936 discovered by ICSS team member Prasenjit Kanti Paul who is the Co-Founder of Indian Cyber Security Solutions. The Exploit is published on Exploit DB on 02-03-2018. It’s an achievement for Indian Cyber Security Solutions. The Exploit details are as follows:
Exploit Title: D-Link DIR-600M Wireless – Persistent Cross Site Scripting
Date: 11-02-2018
CVE: CVE-2018-6936
Author: Prasenjit Kanti Paul
Overview:
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
Proof of Concept:
Goto your wifi router gateway [i.e: http://192.168.0.1]
-Go to –> “Maintenance” –> “Admin”
-Create a user with name
-Refresh the page and you will be having “PKP” popup
Highest Selling Technical Courses of Indian Cyber Security Solutions:
Amazon Web Services Training in Hyderabad
Amazon Web Services Training in Bangalore
Amazon Web Services Training in Bhubaneswar
Summer Training for CSE, IT, BCA & MCA Students
Network Penetration Testing training
Certified Network Penetration Tester
Diploma in Web Application Security
Certified Web Application Penetration Tester
Certified Android Penetration Tester
Cybersecurity services that can protect your company:
Web Security | Web Penetration Testing
Network Penetration Testing – NPT
Android App Penetration Testing
Other Location for Online Courses: