added to readme

reevesrs24 · Aug 26, 2018 · 2e5a206 · 2e5a206
1 parent 647365e
commit 2e5a206
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/D-Link_DIR-615/xss_DHCP/dlink_dir615_xss_dhcp.md b/D-Link_DIR-615/xss_DHCP/dlink_dir615_xss_dhcp.md
@@ -10,6 +10,9 @@
 
 **Vendor Homepage**: http://us.dlink.com/
 
+**Tested On** Linux 4.15.0-33-generic #36~16.04.1-Ubuntu x86_64
+
+**CVE** CVE-2018-1587
 
 ## Vulnerability detail ##
 

diff --git a/D-Link_DIR-615/xss_UPnP/dlink_dir615_xss_upnp.md b/D-Link_DIR-615/xss_UPnP/dlink_dir615_xss_upnp.md
@@ -10,6 +10,9 @@
 
 **Vendor Homepage**: http://us.dlink.com/
 
+**Tested On** Linux 4.15.0-33-generic #36~16.04.1-Ubuntu x86_64
+
+**CVE** CVE-2018-15875
 
 ## Vulnerability detail ##
 
@@ -25,7 +28,7 @@ Verification Steps:
     ![alt text](screenshots/control_url.png "")
 3. Set the 'url' variable in the xss_upnp.py script to the control-url.
     - e.g. 'http://192.168.0.1:5431/control/WANIPConnection'
-4. Set the 'NewPortMappingDescription' field in the "add_port_mapping" function to an HTML where the attribute is javascript.
+4. Set the 'NewPortMappingDescription' field in the "add_port_mapping" function to an HTML element where the attribute is javascript.
     - i.e. "<img src="" onerror=alert("XSS") />" (The <script> tag caused the page to fail to load, but adding javascript to an attribute worked)
 5. Set the "NewInternalClient" field in the "add_port_mapping" function to the D-Link router's local IP address.
 6. Run the xss_upnp.py script with the -m switch to add the port mapping.

diff --git a/README.md b/README.md
@@ -1 +1,2 @@
-# Two CVE requests
+# CVE-2018-15874 -> (https://github.com/reevesrs24/cve/blob/master/D-Link_DIR-615/xss_DHCP/dlink_dir615_xss_dhcp.md "D-Link DIR-615 XSS Via DHCP")
+# CVE-2018-15875 -> (https://github.com/reevesrs24/cve/blob/master/D-Link_DIR-615/xss_UPnP/dlink_dir615_xss_upnp.md "D-Link DIR-615 XSS Via the UPnP Protocol")