Monday, January 27, 2020

[Symmetricom] SyncServer S100/S200/S250/S300/S350 - Stored XSS - Not authenticated - (CVE-2020-9028)


SyncServer S100/S200/S250/S300/S350 devices do not properly sanitize user input in their web application, which results in a stored XSS vulnerability. The flaw is in the "User Creation, Deletion and Password Maintenance" function: an attacker can inject JavaScript code into the "newUserName" parameter when creating a new user.

This attack can be carried out without authentication because of the flaw described HERE



We go to the ADMIN Menu => USERS => NEW USER. Once there, create any user and capture the request.





We modify the "newUserName" parameter and inject our payload, in this case the classic "<script> alert (1) </script>".

To see the execution, we enter the ADMIN menu again.
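The root cause described above can be closed at two points: when the "newUserName" value is accepted and when the stored name is written into the ADMIN page. The following is an added example, not the vendor's code and not part of the original post; the function names, the user name policy and the in-memory store are assumptions made for illustration.

```python
import html
import re

# Assumed policy: 1-32 characters, letters/digits plus . _ - only.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")

def validate_username(name):
    """Reject anything outside the allow-list before it is stored."""
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    return name

def create_user(store, form):
    """Handle the new-user form; only validated names reach the store."""
    store.append(validate_username(form.get("newUserName", "")))

def render_user_list_unsafe(users):
    """The failure mode: stored names concatenated into HTML as-is."""
    return "<ul>" + "".join(f"<li>{u}</li>" for u in users) + "</ul>"

def render_user_list(users):
    """Hardened: every stored name is HTML-encoded at output time."""
    items = "".join(f"<li>{html.escape(u, quote=True)}</li>" for u in users)
    return "<ul>" + items + "</ul>"

# Constructed sample input: the payload string quoted in the post.
PAYLOAD = "<script> alert (1) </script>"

def demo():
    store = ["admin"]
    try:
        create_user(store, {"newUserName": PAYLOAD})
        rejected = False
    except ValueError:
        rejected = True
    # Defence in depth: a record stored before the fix still renders inert.
    legacy = ["admin", PAYLOAD]
    return rejected, store, render_user_list_unsafe(legacy), render_user_list(legacy)

if __name__ == "__main__":
    for part in demo():
        print(part)
```

Output encoding is the control that matters for records already stored on an affected device; input validation alone does not neutralize names saved before a fix.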





















Affected Versions:

  • SyncServer S100 - 2.90.70.3 Build 2.90.70.3 
  • SyncServer S200 - 1.30
  • SyncServer S250 - 1.25
  • SyncServer S300 - 2.65.0 Build 2.65.0 
  • SyncServer S350 - 2.80.1 Build 2.80.1

CVE-2020-9028
By: @Linuxmonr4


