Key vulnerability information

Vulnerability details
EDB-ID: 46850
CVE: N/A
Author: LiquidWorm
Type: WebApps
Platform: PHP
Date: 2019-05-15

Affected devices and versions
Vendor: BTicino S.p.A.
Product web page: https://www.bticino.com
Affected version:
- Hardware Platform: F454
- Firmware version: 1.0.51
- Driver Manager version: 1.1.14

Vulnerability description
Vulnerability type:
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
Vulnerability details:
1. Legrand BTicino Driver Manager F454 1.0.51 CSRF Change Password Exploit
2. Legrand BTicino Driver Manager F454 1.0.51 Authenticated Stored XSS Exploit

Vulnerability discoverer
Discovered by: Gjoko 'LiquidWorm' Krstic @zeroscience

Details
CSRF PoC Web Access Password Change:
CSRF PoC OpenWebNet Password Change:
Stored XSS via GET request:
Example GET request: