Author: Mohammed Al-Barbari aka @m4dm0e
CVE-ID: CVE-2021-3014
Summary: Reflected XSS in the MikroTik hotspot login page.
Description: The hotspot login page contains a hidden input called target
with a blank value. You can set it to any value by adding a URL parameter with that name, and the value is reflected in the page source,
e.g.: c.net/login?target=HelloAll
Source code:
<input type="text" name="target" value="HelloAll" />
There is also no filtering, so you can close the value attribute of the input tag and start a new attribute, e.g.: ?target=hhh" onSubmit="alert(0)
Page source:
<input type="text" name="target" value="hhh" onSubmit="alert(0)" />
After the victim clicks the submit button, the XSS fires!
How to exploit this? You have to be on the same network; from there it can be used to obtain the admin username and password or cookies, and those of other users, using many techniques.
PoC: There is a PoC video that I will share as soon as possible on my channel, GrodRiket Security.
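
The missing output encoding described above, shown beside the encoded form, as an added example that is not part of the original advisory or MikroTik's code. The template string copies the input tag from the page source above; the function names are hypothetical, and Python's standard library stands in for the server-side rendering. The parser check reports any attribute on the input that the template never declared.

```python
import html
from html.parser import HTMLParser

# The input tag as shown in the advisory's page source; {} is the reflected value.
TEMPLATE = '<input type="text" name="target" value="{}" />'
EXPECTED_ATTRS = {"type", "name", "value"}

def render_unescaped(target):
    """Reflect the parameter as-is (the behaviour the advisory describes)."""
    return TEMPLATE.format(target)

def render_escaped(target):
    """Encode &, <, > and both quote characters so the value stays inside the attribute."""
    return TEMPLATE.format(html.escape(target, quote=True))

class InputAttrs(HTMLParser):
    """Collect the attributes of the first <input> tag in the markup."""
    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)

def input_attrs(markup):
    parser = InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}

def injected_attributes(markup):
    """Attribute names on the input that the template never declared."""
    return sorted(set(input_attrs(markup)) - EXPECTED_ATTRS)

if __name__ == "__main__":
    samples = ["HelloAll", 'hhh" onSubmit="alert(0)']  # values from the advisory
    for value in samples:
        for render in (render_unescaped, render_escaped):
            page = render(value)
            print(render.__name__, injected_attributes(page), page)
```

The same check can be run over captured responses from a login page to confirm that a reflected parameter no longer produces extra attributes after a fix.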