Monday, January 27, 2020

[Symmetricom] SyncServer S100/S200/S250/S300/S350 - Stored XSS - Not authenticated - (CVE-2020-9028)

SyncServer S100/S200/S250/S300/S350 devices in their WEB application, are not properly sanitizing the entry of user, so it presents a stored XSS vulnerability, specifically in the "User Creation, Deletion and Password Maintenance" function, which makes it possible for an attacker to inject Javascript code into the "newUserName" parameter when creating a new user.

This attack can be made unauthenticated due to the failure mentioned HERE

We go to the ADMIN Menu => USERS => NEW USER. Once there, create any user and capture the request.

We modify the parameter "newUserName" and inject our payload, in this case the classic "<script> alert (1) </script>"

To see the execution, we enter the ADMIN menu again

Affected Versions:

  • SyncServer S100 - Build 
  • SyncServer S200 - 1.30
  • SyncServer S250 - 1.25
  • SyncServer S300 - 2.65.0 Build 2.65.0 
  • SyncServer S350 - 2.80.1 Build 2.80.1

By: @Linuxmonr4



0 comentarios:

Post a Comment