SNMP Injection: SNMP and HTTP join forces!
çPersistent XSS via SNMP: new type of attack [link]
çTargets OIDs commonly printed on web console. i.e.:
¼system.sysContact.0 / 1.3.6.1.2.1.1.4.0
¼system.sysName.0 / 1.3.6.1.2.1.1.5.0
¼system.sysLocation.0 / 1.3.6.1.2.1.1.6.0
çAssign XSS payload to OID via SNMP write community string
çPayload is stored persistently on web console
çDevice is owned when admin visits page with injected payload
ç