[Symmetricom] SyncServer S100/S200/S250/S300/S350 - Stored XSS - Not authenticated

julio 16, 2023

[Symmetricom] SyncServer S100/S200/S250/S300/S350 - Stored XSS - Not authenticated - (CVE-2020-9028)

SyncServer S100/S200/S250/S300/S350 devices in their WEB application, are not properly sanitizing the entry of user, so it presents a stored XSS vulnerability, specifically in the "User Creation, Deletion and Password Maintenance" function, which makes it possible for an attacker to inject Javascript code into the "newUserName" parameter when creating a new user.

This attack can be made unauthenticated due to the failure mentioned HERE

We go to the ADMIN Menu => USERS => NEW USER. Once there, create any user and capture the request.

We modify the parameter "newUserName" and inject our payload, in this case the classic "<script> alert (1) </script>"

To see the execution, we enter the ADMIN menu again

Affected Versions:

SyncServer S100 - 2.90.70.3 Build 2.90.70.3
SyncServer S200 - 1.30
SyncServer S250 - 1.25
SyncServer S300 - 2.65.0 Build 2.65.0
SyncServer S350 - 2.80.1 Build 2.80.1

CVE-2020-9028

By: @Linuxmonr4

Buscar este blog

Cacharros in the wild

[Symmetricom] SyncServer S100/S200/S250/S300/S350 - Stored XSS - Not authenticated - (CVE-2020-9028)

Comentarios

Publicar un comentario

Entradas populares

[EVERTZ] - Path Transversal && Arbitrary File Upload = SHELL [CVE-2020-22159 ]

[ITERIS] - Vantage Velocity Field Unit - Os Code Injection - (CVE-2020-9020)