SynaMan 4.0 build 1488 – (Authenticated) Cross-Site Scripting

• Exploit Database
• 37 阅读

• 作者： bzyo
  日期： 2018-09-12
• 类别：

  • webapps
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/45386/

• # Exploit Author: bzyo
  # CVE: CVE-2018-10763
  # Twitter: @bzyo_
  # Exploit Title: SynaMan 4.0 - Authenticated Cross Site Scripting (XSS)
  # Date: 09-12-18
  # Vulnerable Software: SynaMan 4.0 build 1488
  # Vendor Homepage: http://web.synametrics.com/SynaMan.htm
  # Version: 4.0 build 1488
  # Software Link: http://web.synametrics.com/SynaManDownload.htm
  # Tested On: Windows 7 x86
  
  Description
  -----------------------------------------------------------------
  SynaMan 4.0 suffers from Authenticated Cross Site Scripting (XSS)
  
  
  Prerequisites
  -----------------------------------------------------------------
  Admin access to Synaman web console
   
  Proof of Concept
  -----------------------------------------------------------------
  From Configuration > Advanced Configuration > Partial Branding
  - Main heading
  - Sub heading
  
  If one were to apply the following XSS payload in either of the fields, alert pop-ups with xss would be present on navigation throughout the web app
  
  <script>alert("xss");</script>
  
  While Chrome does block the XSS payload on apply, simply hitting the back button and selecting "Explore" the payload is stored
  
   
  Timeline
  ---------------------------------------------------------------------
  05-07-18: Vendor notified of vulnerabilities
  05-08-18: Vendor responded and will fix 
  07-25-18: Vendor fixed in new release
  09-12-18: Submitted public disclosure