breagan / esp8266_wifi_file_manager Goto Github PK

Product: ESP8266 WiFi File Manager
Download: https://github.com/breagan/ESP8266_WiFi_File_Manager
Vunlerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
Multiple Cross-Site Scripting (XSS) were discovered in “ESP8266 WiFi File Manager latest version”, which can be exploited to execute arbitrary code.
The vulnerabilities exist due to insufficient filtration of user-supplied data in multiple parameters passed to the “ESP8266_WiFi_File_Manager-master/PHP_files/send_Compile.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
(1)
Post:IP= ><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/send_Compile.php
(2)
Post: filename=><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/send_Compile.php

Product: ESP8266 WiFi File Manager
Download: https://github.com/breagan/ESP8266_WiFi_File_Manager
Vunlerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
A Cross-Site Scripting (XSS) was discovered in “ESP8266 WiFi File Manager latest version”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtration of user-supplied data in the “chipIP” HTTP POST parameter passed to the “ESP8266_WiFi_File_Manager-master/PHP_files/send_Restart.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
(1)
Post:chipIP= ><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/send_Restart.php

Hello, could you please provide an email for a vulnerability report? Additionally, adding a SECURITY.md with instructions for researchers would be helpful. Thanks!

tag @breagan

Product: ESP8266 WiFi File Manager
Download: https://github.com/breagan/ESP8266_WiFi_File_Manager
Vunlerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
Multiple Cross-Site Scripting (XSS) were discovered in “ESP8266 WiFi File Manager latest version”, which can be exploited to execute arbitrary code.
The vulnerabilities exist due to insufficient filtration of user-supplied data in multiple parameters passed to the “ESP8266_WiFi_File_Manager-master/PHP_files/send_Delfile.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
(1)
Post:IP= ><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/send_Delfile.php
(2)
Post: filename=><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/send_Compile.php

Product: ESP8266 WiFi File Manager
Download: https://github.com/breagan/ESP8266_WiFi_File_Manager
Vunlerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
Multiple Cross-Site Scripting (XSS) were discovered in “ESP8266 WiFi File Manager latest version”, which can be exploited to execute arbitrary code.
The vulnerabilities exist due to insufficient filtration of user-supplied data in multiple parameters passed to the “ESP8266_WiFi_File_Manager-master/PHP_files/send_Dofile.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
(1)
Post:IP= ><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/send_Dofile.php.php
(2)
Post: filename=><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/send_Dofile.php.php

First thing, thank you for your work. I had the exact same issues as you before finding this repo.

Have you already though about ESP8266 auto discovery (instead of manually set the ip address) ? This can easily be done by using UDP multicast address. By easy I mean this kind of protocol exists, I have no idea if it can be implemented in LUA nor PHP.

I'm more of a Java person, so if it's available in LUA but not PHP I can make a webapp using Java.

Product: ESP8266 WiFi File Manager
Download: https://github.com/breagan/ESP8266_WiFi_File_Manager
Vunlerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
A Cross-Site Scripting (XSS) was discovered in “ESP8266 WiFi File Manager latest version”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtration of user-supplied data in the “chipIP” HTTP POST parameter passed to the “ESP8266_WiFi_File_Manager-master/PHP_files/writeIP.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
(1)
Post:chipIP= ><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/writeIP.php