- Persistent XSS via SNMP: new type of attack [link]
- Targets OIDs commonly printed on the web console, e.g.:
  - system.sysContact.0 / 1.3.6.1.2.1.1.4.0
  - system.sysName.0 / 1.3.6.1.2.1.1.5.0
  - system.sysLocation.0 / 1.3.6.1.2.1.1.6.0
- Assign XSS payload to OID via SNMP write community string
- Payload is stored persistently on the web console
- Device is owned when an admin visits the page with the injected payload
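
Defender's view of the points above, as an added example that is not from the original slides: a console page that prints the three listed OIDs without escaping, the same page with output encoding, and an audit that flags stored values containing markup. The function names, the `MARKUP` character set and the sample values are assumptions made for illustration.

```python
import html
import re

# The three OIDs the slide lists as commonly printed on web consoles.
DISPLAYED_OIDS = {
    "1.3.6.1.2.1.1.4.0": "sysContact",
    "1.3.6.1.2.1.1.5.0": "sysName",
    "1.3.6.1.2.1.1.6.0": "sysLocation",
}

# Assumed policy: characters with no place in a contact, name or location.
MARKUP = re.compile(r"[<>\"'`&]|[\x00-\x1f\x7f]")


def render_unsafe(values):
    """The vulnerable pattern: SNMP strings concatenated straight into HTML."""
    return "".join(
        f"<tr><td>{DISPLAYED_OIDS[oid]}</td><td>{val}</td></tr>"
        for oid, val in values.items() if oid in DISPLAYED_OIDS
    )


def render_safe(values):
    """Hardened form: every device-supplied string is HTML-escaped on output."""
    return "".join(
        f"<tr><td>{DISPLAYED_OIDS[oid]}</td>"
        f"<td>{html.escape(val, quote=True)}</td></tr>"
        for oid, val in values.items() if oid in DISPLAYED_OIDS
    )


def audit(values):
    """Return names of displayed OIDs whose stored value contains markup."""
    return sorted(
        DISPLAYED_OIDS[oid] for oid, val in values.items()
        if oid in DISPLAYED_OIDS and MARKUP.search(val)
    )


# Constructed sample of polled values; the sysName entry carries markup.
SAMPLE = {
    "1.3.6.1.2.1.1.4.0": "noc@example.org",
    "1.3.6.1.2.1.1.5.0": "<script>/* constructed marker */</script>",
    "1.3.6.1.2.1.1.6.0": "Rack 12, Room B",
}

if __name__ == "__main__":
    print(render_safe(SAMPLE))
    print("flagged:", audit(SAMPLE))
```

Escaping on output protects the console even when a value was already written to the device; the audit helps find devices whose writable OIDs have been changed.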