Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689


Full Disclosure
mailing list archives

From: yavuz atlas
Date: Wed, 13 Jun 2018 12:42:35 +0300


I. VULNERABILITY
-------------------------
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS)

II. CVE REFERENCE
-------------------------
CVE-2018-11689

III. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689

IV. CREDIT
-------------------------
Yavuz Atlas - Biznet Bilisim
http://www.biznet.com.tr/biznet-guvenlik-duyurulari

V. DESCRIPTION
-------------------------
Samsung Web Viewer for Samsung DVR devices (Samsung Smart Viewer) is
vulnerable to reflected cross-site scripting. The data3 parameter of the
login page CGI, /cgi-bin/webviewer_login_page, is written directly into an
inline JavaScript assignment in the response (see the proof of concept
below). A remote attacker who gets a victim to open a crafted URL can
therefore inject arbitrary web script or HTML into the page in the
victim's browser session.

VI. PROOF OF CONCEPT
-------------------------
Request:
GET /cgi-bin/webviewer_login_page?lang=tu&loginvalue=0&port=0&data3= HTTP/1.1
Host: 10.10.10.10

Response:
HTTP/1.1 200 OK
X-UA-Compatible: IE=EmulateIE9, requiresActiveX=true
Content-type: text/html
Connection: close
Date: Wed, 23 May 2018 11:14:09 GMT
Server: lighttpd/1.4.35
Content-Length: 10797
…
function setcookie(){
    var val_rand = Math.random();
    if(is_close_user_session == true)
        document.login_page_submit.close_user_session.value = 1;
    else
        document.login_page_submit.close_user_session.value = 0;
    document.login_page_submit.data1.value = data_parser(document.login_page.data1.value);
    document.login_page_submit.data2.value = do_encrypt(document.login_page.data2.value);
    document.login_page_submit.data3.value = ;
    document.login_page_submit.data4.value = val_rand;
    document.login_page_submit.submit();
}
…

The reflection point is the data3 assignment inside the inline setcookie()
function: the value of the data3 query parameter is placed directly after
the "=" in the script. In this archived copy of the request the parameter is
empty, which is why the response contains the syntactically invalid
statement "data3.value = ;". A value supplied in data3 therefore lands in a
JavaScript context, not inside a quoted and encoded string literal, which
is what allows script injection.
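The following is an added example and is not code from the advisory or from Samsung. It reproduces the sink shown in the response above as a constructed stand-in (assumption: the CGI concatenates the raw query value into the script, which is the pattern the captured response suggests), puts a hardened variant beside it that emits the value as an escaped JavaScript string literal (a generic fix pattern, not Samsung's patch), and shows the check a tester would run: send a probe in data3, find the data3 assignment in the response, and decide whether the probe was reflected verbatim. The host 10.10.10.10 and the other query parameters are taken from the PoC request; nothing here touches the network.

```javascript
// Added example, not part of the advisory: a stand-in for the vulnerable
// CGI built from the captured response, a hardened variant, and a check
// that tells the two apart by inspecting the data3 sink.

// Probe value for the data3 parameter. It carries a double quote, a
// semicolon and a '<' so that a reflection that is correctly encoded for a
// JavaScript string context no longer contains it verbatim.
const PROBE = 'xss1"+alert(1);//<';

// Constructed stand-in for /cgi-bin/webviewer_login_page (assumption: the
// real CGI concatenates the raw query value into the script, as the captured
// response indicates). This is not the device's code.
function renderLoginPage(data3) {
  return [
    'HTTP/1.1 200 OK',
    'Content-type: text/html',
    '',
    '<script>',
    'function setcookie(){',
    '  document.login_page_submit.data3.value = ' + data3 + ';',
    '  document.login_page_submit.submit();',
    '}',
    '</script>',
  ].join('\r\n');
}

// Encoding that makes the same sink safe: emit the value as a JavaScript
// string literal, with '<' and '>' escaped so the literal can never close
// the <script> element, and U+2028/U+2029 escaped because JSON permits them
// raw while older JavaScript parsers treat them as line terminators.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Hardened stand-in: same page, the only change is the encoding applied
// at the sink before concatenation.
function renderLoginPageFixed(data3) {
  return renderLoginPage(jsStringLiteral(data3));
}

// Locate the data3 assignment in a response body and report what sits
// between '=' and the statement's ';'. The probe counts as unsafely
// reflected when it appears there verbatim (no quoting, no escaping).
function reflectsIntoScript(responseText, probe) {
  const m = /data3\.value\s*=\s*([^\r\n]*);/.exec(responseText);
  if (!m) return { found: false, reflected: false, sink: null };
  const sink = m[1];
  return { found: true, reflected: sink.includes(probe), sink };
}

// Build the PoC request URL with the probe in data3. URLSearchParams
// percent-encodes it for the wire; the CGI decodes it before use.
function buildProbeUrl(host, probe) {
  const u = new URL('http://' + host + '/cgi-bin/webviewer_login_page');
  u.searchParams.set('lang', 'tu');
  u.searchParams.set('loginvalue', '0');
  u.searchParams.set('port', '0');
  u.searchParams.set('data3', probe);
  return u.toString();
}

// Stand-alone run against the constructed stand-ins (no network access).
function main() {
  console.log(buildProbeUrl('10.10.10.10', PROBE));
  const cases = [
    ['raw concatenation', renderLoginPage(PROBE)],
    ['JS string literal', renderLoginPageFixed(PROBE)],
    ['empty data3 (as archived)', renderLoginPage('')],
  ];
  for (const [label, body] of cases) {
    const r = reflectsIntoScript(body, PROBE);
    console.log(label + ': sink=' + JSON.stringify(r.sink) + ' reflected=' + r.reflected);
  }
}

main();
```

Against a live device the same check is run by fetching buildProbeUrl(...) and passing the response body to reflectsIntoScript; the empty-data3 case reproduces the "data3.value = ;" statement seen in the archived response, which the regex still locates so that an absent sink and a present-but-harmless one are reported differently.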

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
