[remote] MikroTik RouterOS 7.19.1 - Reflected XSS
MikroTik RouterOS 7.19.1 contains a reflected XSS vulnerability (CVE-2025-6563); an attacker can trigger it by crafting a malicious URL (such as http://<target-ip>/login?dst=javascript:alert(3)). The vulnerability requires user interaction and can be used for phishing or redirection attacks. MikroTik has acknowledged the issue and provided remediation guidance. 2025-07-16 00:00:00 Author: www.exploit-db.com

# Exploit Title: MikroTik RouterOS 7.19.1 - Reflected XSS
# Google Dork: inurl:/login?dst=
# Date: 2025-07-15
# Exploit Author: Prak Sokchea
# Vendor Homepage: https://mikrotik.com
# Software Link: https://mikrotik.com/download
# Version: RouterOS <= 7.19.1
# Tested on: MikroTik CHR 7.19.1
# CVE : CVE-2025-6563

# PoC:
# Visit the following URL while connected to the vulnerable MikroTik hotspot service:
# http://<target-ip>/login?dst=javascript:alert(3)

# A reflected XSS will be triggered when the dst parameter is not properly sanitized by the server-side logic.
# This vulnerability requires user interaction (visiting the link) and may be used in phishing or redirection attacks.

# Notes:
# This is a non-persistent reflected XSS. It is accepted due to the presence of a valid CVE (CVE-2025-6563),
# and has been acknowledged by MikroTik as a valid issue.
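A defender-side check for the flaw described above, added here as an example and not part of the Exploit-DB entry or MikroTik's code: `classify_dst` accepts a redirect value only when it is a same-origin absolute path, rejecting anything that carries a scheme (such as `javascript:`) or is protocol-relative, and `flag_dst_abuse` applies the same test to constructed access-log lines so attempts can be alerted on. Function names, the `/status` default and the log format are assumptions.

```python
import re
import urllib.parse

# Hypothetical names; the advisory's dst parameter is the value being checked.
_SCHEME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.\-]*:")


def normalize_dst(raw: str) -> str:
    """Percent-decode once, then drop ASCII control characters and spaces:
    browsers ignore those when parsing a scheme, so validation must too."""
    decoded = urllib.parse.unquote(raw)
    return "".join(c for c in decoded if ord(c) > 0x20 and ord(c) != 0x7F)


def classify_dst(raw: str) -> str:
    """Return 'ok' only for a same-origin absolute path, else the reason."""
    value = normalize_dst(raw)
    if _SCHEME_RE.match(value):
        return "scheme"              # javascript:, data:, http: ...
    if value.startswith("//") or value.startswith("/\\"):
        return "protocol-relative"   # //host (or /\host) leaves the origin
    if not value.startswith("/"):
        return "not-absolute-path"   # empty or relative: fall back to default
    return "ok"


def safe_redirect_target(raw: str, default: str = "/status") -> str:
    """Target a hardened login handler should use after authentication."""
    return raw if classify_dst(raw) == "ok" else default


LOG_LINE_RE = re.compile(r'^(?P<ip>\S+) .*"GET (?P<path>\S+) HTTP')

SAMPLE_LOG = [  # constructed sample lines, not real RouterOS output
    '10.0.0.5 - - [15/Jul/2025:10:00:00 +0000] "GET /login?dst=%2Fstatus HTTP/1.1" 200 512',
    '10.0.0.9 - - [15/Jul/2025:10:00:03 +0000] "GET /login?dst=javascript:alert(3) HTTP/1.1" 200 512',
    '10.0.0.9 - - [15/Jul/2025:10:00:07 +0000] "GET /login?dst=%2F%2Fexample.test%2F HTTP/1.1" 200 512',
]


def flag_dst_abuse(log_lines):
    """Return (client, dst, reason) for /login requests whose dst is rejected."""
    hits = []
    for line in log_lines:
        m = LOG_LINE_RE.match(line)
        if not m or "/login?" not in m.group("path"):
            continue
        query = urllib.parse.urlsplit(m.group("path")).query
        for dst in urllib.parse.parse_qs(query).get("dst", []):
            reason = classify_dst(dst)
            if reason != "ok":
                hits.append((m.group("ip"), dst, reason))
    return hits
```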

Source: https://www.exploit-db.com/exploits/52366