Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting

Author: Dolev Farhi
type: webapps
platform: hardware
port: 
date_added: 2014-05-01 
date_updated: 2014-05-01 
verified: 0 
codes: OSVDB-106530 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: Stored XSS Vulnerability in NETGEAR DGN2200 Web interface

# Date 30/04/2014

# Exploit author: Dolev Farhi @f1nhack

# Vendor homepage: http://netgear.com

# Affected Firmware version: 1.0.0.29_1.7.29_HotS

# Affected Hardware: NETGEAR DGN2200 Wireless ADSL Router




Summary
=======
NETGEAR DGN2200 ADSL router web interface suffers from persistent XSS vulnerability in the QoS(Quality of Service) Administration page under 'Expert Mode'.



Vulnerability Description
=========================
Persistent Cross Site Scripting



Steps to reproduce / PoC:
=========================
1. Login to the router web interface

2. Enter expert mode

3. navigate to QoS page

4. Add QoS Rule, or Edit an existing one.

5. in "QoS Policy for: " Enter the following: <script>alert("XSS")</script> and click apply.

6. go to another page and navigate back into QoS - the XSS error pops up.
	- PoC Video: https://www.youtube.com/watch?v=xxjluF2RR70