[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Persistent XSS in Abus Security Center - CVSS 8.0

To: fulldisclosure@xxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx
Subject: [FD] Persistent XSS in Abus Security Center - CVSS 8.0
From: Tim Schughart <t.schughart@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 29 Sep 2016 16:49:21 +0200

Hi@all, 

Product: Abus Security Cams 
Vendor:Abus Group  

Internal reference: - 
Vulnerability type: Cross Site Scripting 
Vulnerable version: 0101a and possible other versions affected (not tested)
Vulnerable component: FTP
Report confidence: Confirmed
Solution status: Not fixed by Vendor, will not patch the vuln. 
Fixed versions: -
Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks
Vendor notification: 2016-09-21
Solution date: 
Public disclosure: 2016-09-29
CVE reference: 
CVSSv3: 8.0 AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 
<https://nvd.nist.gov/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>

Vulnerability Details:
The entered username via FTP login is reflected to the log which is rendered in 
the web interface without input validation. This results in an successfull, 
persistent, XSS.

Risk:
Through this you are able to get e.g. the session cookies of the cams 
administrator. So you are able to get full access - persistent. 

PoC: 
FTP Username: <script>alert(document.cookie)</script> 
FTP Pass: any 

Browse to log and watch the popup :) 


Best regards / Mit freundlichen Grüßen 

Tim Schughart 
CEO / Geschäftsführer  

--
ProSec Networks e.K.
Ellingshohl 82
56076 Koblenz 

Website: https://www.prosec-networks.com <http://www.prosec-networks.com/> 
E-Mail: t.schughart@xxxxxxxxxxxxxxxxxxx <mailto:info@xxxxxxxxxxxxxxxxxxx> 
Mobile: +49 (0)157 7901 5826
Phone: +49 (0)261 450 930 90

"This E-Mail communication may contain CONFIDENTIAL, PRIVILEGED and/or LEGALLY 
PROTECTED information and is intended only for the named recipient(s). Any 
unauthorized use, dissemination, copying or forwarding is strictly prohibited. 
If you are not the intended recipient and have received this email 
communication in error, please notify the sender immediately, delete it and 
destroy all copies of this E-Mail. VAT ID: DE290654714 legal domicile Koblenz, 
HRA 21621.“

"Diese E-Mail Mitteilung kann VERTRAULICHE, dem BERUFSGEHEIMNIS UNTERLIEGENDE 
und/oder RECHTLICH GESCHÜTZTE Informationen enthalten und ist ausschließlich 
für den/die genannten Adressaten bestimmt. Jede unbefugte Nutzung, Weitergabe, 
Vervielfältigung oder Versendung ist strengstens verboten. Sollten Sie nicht 
der angegebene Adressat sein und diese E-Mail Mitteilung irrtümlich erhalten 
haben, informieren Sie bitte sofort den Absender, löschen diese E-Mail und 
vernichten alle Kopien. USt-IdNr.:  DE290654714, Amtsgericht Koblenz, HRA 
21621."









_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] KeepNote 0.7.8 Remote Command Execution
Previous by thread: [FD] KeepNote 0.7.8 Remote Command Execution
Index(es):
- Date
- Thread