Wednesday, January 22, 2020

[PROLIPHIX] PROLIPHIX THERMOSTAT NT20e Stored Cross-Site Scripting (Authenticated)

About the company
Proliphix has a long heritage in developing web-enabled energy control solutions. In 2005, Proliphix developed and brought to market the first web-enabled thermostat for commercial buildings. Since then, Proliphix has developed and introduced the second generation of energy controllers along with a cloud-based software service targeted specifically to provide HVAC energy management to light commercial facilities.

The tested version of the device NT20e


To access the control panel of the device, click on the login menu and enter its default credentials, admin:admin.

I've discovered that if you put an XSS payload in the Site Name field of the General Settings section, it gets triggered when you visit this section again.
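The fix for this class of bug is to encode the stored Site Name every time it is written back into the settings page. The following is an added example, not code from the original post or from Proliphix firmware: it assumes the page echoes the stored value into a quoted `value` attribute, and the function names and the `site_name` field name are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape `in` for HTML text or a quoted attribute value. Returns 0 on
 * success, -1 if the result does not fit in `out`; on failure `out` is
 * left empty so a truncated, half-escaped value is never emitted. */
int html_escape(const char *in, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > outsz) { out[0] = '\0'; return -1; }
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}

/* Hypothetical renderer for the Site Name input on the settings page. */
int render_site_name_field(const char *site_name, char *html, size_t htmlsz)
{
    char esc[256];
    if (htmlsz == 0) return -1;
    html[0] = '\0';
    if (html_escape(site_name, esc, sizeof esc) != 0) return -1;
    int n = snprintf(html, htmlsz,
        "<input type=\"text\" name=\"site_name\" value=\"%s\">", esc);
    if (n < 0 || (size_t)n >= htmlsz) { html[0] = '\0'; return -1; }
    return 0;
}

int main(void)
{
    char html[512];
    /* Constructed sample input: markup stored as the site name. */
    if (render_site_name_field("\"><script>alert(1)</script>", html, sizeof html) == 0)
        puts(html);
    return 0;
}
```

Encoding on output covers values that were already stored before the fix; rejecting markup characters when the Site Name is saved is a useful second layer but does not replace it.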



