# Exploit Title: cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS Injection via the mask POST parameter.
# Exploit Author: Vikas Chaudhary
# Date: 21-01-2019
# Vendor Homepage: https://www.jio.com/
# Hardware Link: https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers&ie=UTF8&qid=1531032476&sr=1-1&keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29
# Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router
# Category: Hardware
# Contact: Vikas Chaudhary
# Web: https://gkaim.com/
# Tested on: Windows 10 X64- Firefox-65.0
# CVE-2019-7438 -XSS
***********************************************************************
## Vulnerability Description=> Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
—————————————-
# Proof Of Concept:-POC
1- First Open BurpSuite
2- Make Intercept on
3 -Go to your Wifi Router’s Gateway in Browser [i.e http://192.168.225.1 ]
4-Capture the data and then Spider the Host
5- Now You find a Link like this [ http://192.168.225.1/cgi-bin/qcmap_web_cgi ]
6- Send it to repeter Now you will find parameter like this [ Page=GetWANInfo&mask=0&token=0 ]
7-Vulnerable parameter is => mash
8-Paste this PAYLOaD in mask parameter and then show Response in browser
Payload =>


9-Now it will show a popup of MyAiM on Screen
———————————————————————————–
Vulnerable URL => Post Based => http://192.168.225.1/cgi-bin/qcmap_web_cgi => mask parameter
———————————————————————————–
REQUEST
———–


****************************
RESPONSE
————–