ASUS RT-N56U 3.0.0.4.374_239 Cross Site Scripting

Date: 04 Feb 2016 | Reported by: Nicholas Lehman | Type: packetstorm | Source: packetstormsecurity.com

The ASUS RT-N56U has a persistent XSS vulnerability that allows authenticated attackers to bypass input sanitization in the username input field of the Server Center page, leading to potential cross-site scripting attacks.

Code
`
# Exploit Title: ASUS RT-N56U Persistent XSS  
# Date: 2/2/2016  
# Exploit Author: @GraphX  
# Vendor Homepage: http://asus.com/  
# Version: 3.0.0.4.374_239  
  
1 Description:  
It is possible for an authenticated attacker to bypass input sanitization in  
the username input field of the Server Center page. An interception proxy  
is not required: using the developer console, the field value of the  
username can be changed after the third verification task is complete  
and before the password sanitization begins in the modify_account.asp file.  
  
Alternatively, an attacker can bypass client-side sanitization altogether  
by submitting a valid option and then changing the parameters in an  
interception proxy.  
  
There is a small amount of server-side sanitization, but this is easily  
circumvented by making sure (in this example) the field value ends up  
looking like this: user"><img onerror=alert(1) src=blah>  
Keeping the src parameter as far to the right as possible appears to circumvent any  
server-side sanitization attempts.  
  
2 Proof of Concept  
  
1)Login to router  
  
2)navigate to:  
http://<router_IP>/aidisk/modify_account.asp?account=user&new_account=user<img onclick="javascript:alert(1)" src=blah>&new_password=123&confirm_password=123  
  
3 Solution:  
Don't buy ASUS Routers.  
**********NOTE******************  
Other router models are likely affected by this vulnerability as they  
appear to share the same or similar firmware (example: RT-N66U).  
I have been unable to confirm this theory as the vendor is unresponsive.  
`
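
The advisory describes client-side checks that can be skipped and server-side filtering that misses the payload. As an added example (not part of the advisory and not ASUS firmware code), a server-side allowlist check plus output encoding for an account name could look like this in C; the function names and the 20-character limit are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define ACCOUNT_MAX 20  /* assumed length limit, not taken from the firmware */

/* Allowlist check run on the server for a submitted account name.
 * Accepts only ASCII letters, digits, '-' and '_'; returns 1 if valid. */
int is_valid_account_name(const char *name)
{
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len > ACCOUNT_MAX)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '_')
            return 0;
    }
    return 1;
}

/* HTML-encode src into dst for element or quoted-attribute context.
 * Returns 0 on success, -1 if dst (dst_size bytes) is too small. */
int html_escape(const char *src, char *dst, size_t dst_size)
{
    size_t used = 0;
    if (dst_size == 0)
        return -1;
    for (; *src != '\0'; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;          /* default: copy the byte as-is */
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > dst_size)    /* keep room for the terminator */
            return -1;
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return 0;
}
```

The allowlist rejects the field value quoted in the description regardless of attribute order, and the encoder keeps any previously stored value inert when it is written back into a page.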
