'[FD] Persistent XSS in Abus Security Center - CVSS 8.0'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] Persistent XSS in Abus Security Center - CVSS 8.0
From:       Tim Schughart <t.schughart () prosec-networks ! com>
Date:       2016-09-29 14:49:21
Message-ID: B0C8EE91-7C69-4817-9479-43812A2E2F63 () prosec-networks ! com
[Download RAW message or body]

Hi@all, 

Product: Abus Security Cams 
Vendor:Abus Group  

Internal reference: - 
Vulnerability type: Cross Site Scripting 
Vulnerable version: 0101a and possible other versions affected (not tested)
Vulnerable component: FTP
Report confidence: Confirmed
Solution status: Not fixed by Vendor, will not patch the vuln. 
Fixed versions: -
Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks
Vendor notification: 2016-09-21
Solution date: 
Public disclosure: 2016-09-29
CVE reference: 
CVSSv3: 8.0 AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H \
<https://nvd.nist.gov/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>

Vulnerability Details:
The entered username via FTP login is reflected to the log which is rendered in the web \
interface without input validation. This results in an successfull, persistent, XSS.

Risk:
Through this you are able to get e.g. the session cookies of the cams administrator. So you are \
able to get full access - persistent. 

PoC: 
FTP Username: <script>alert(document.cookie)</script> 
FTP Pass: any 

Browse to log and watch the popup :) 

Best regards / Mit freundlichen Grüßen 

Tim Schughart 
CEO / Geschäftsführer  

--
ProSec Networks e.K.
Ellingshohl 82
56076 Koblenz 

Website: https://www.prosec-networks.com <http://www.prosec-networks.com/> 
E-Mail: t.schughart@prosec.networks.com <mailto:info@prosec.networks.com> 
Mobile: +49 (0)157 7901 5826
Phone: +49 (0)261 450 930 90

"This E-Mail communication may contain CONFIDENTIAL, PRIVILEGED and/or LEGALLY PROTECTED \
information and is intended only for the named recipient(s). Any unauthorized use, \
dissemination, copying or forwarding is strictly prohibited. If you are not the intended \
recipient and have received this email communication in error, please notify the sender \
immediately, delete it and destroy all copies of this E-Mail. VAT ID: DE290654714 legal \
domicile Koblenz, HRA 21621."

"Diese E-Mail Mitteilung kann VERTRAULICHE, dem BERUFSGEHEIMNIS UNTERLIEGENDE und/oder \
RECHTLICH GESCHÜTZTE Informationen enthalten und ist ausschließlich für den/die genannten \
Adressaten bestimmt. Jede unbefugte Nutzung, Weitergabe, Vervielfältigung oder Versendung ist \
strengstens verboten. Sollten Sie nicht der angegebene Adressat sein und diese E-Mail \
Mitteilung irrtümlich erhalten haben, informieren Sie bitte sofort den Absender, löschen \
diese E-Mail und vernichten alle Kopien. USt-IdNr.:  DE290654714, Amtsgericht Koblenz, HRA \
21621."

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

[prev in list] [next in list] [prev in thread] [next in thread] 