39 lines
No EOL
1.3 KiB
Text
39 lines
No EOL
1.3 KiB
Text
# Exploit Author: bzyo
|
|
# CVE: CVE-2018-10763
|
|
# Twitter: @bzyo_
|
|
# Exploit Title: SynaMan 4.0 - Authenticated Cross Site Scripting (XSS)
|
|
# Date: 09-12-18
|
|
# Vulnerable Software: SynaMan 4.0 build 1488
|
|
# Vendor Homepage: http://web.synametrics.com/SynaMan.htm
|
|
# Version: 4.0 build 1488
|
|
# Software Link: http://web.synametrics.com/SynaManDownload.htm
|
|
# Tested On: Windows 7 x86
|
|
|
|
Description
|
|
-----------------------------------------------------------------
|
|
SynaMan 4.0 suffers from Authenticated Cross Site Scripting (XSS)
|
|
|
|
|
|
Prerequisites
|
|
-----------------------------------------------------------------
|
|
Admin access to Synaman web console
|
|
|
|
Proof of Concept
|
|
-----------------------------------------------------------------
|
|
From Configuration > Advanced Configuration > Partial Branding
|
|
- Main heading
|
|
- Sub heading
|
|
|
|
If one were to apply the following XSS payload in either of the fields, alert pop-ups with xss would be present on navigation throughout the web app
|
|
|
|
<script>alert("xss");</script>
|
|
|
|
While Chrome does block the XSS payload on apply, simply hitting the back button and selecting "Explore" the payload is stored
|
|
|
|
|
|
Timeline
|
|
---------------------------------------------------------------------
|
|
05-07-18: Vendor notified of vulnerabilities
|
|
05-08-18: Vendor responded and will fix
|
|
07-25-18: Vendor fixed in new release
|
|
09-12-18: Submitted public disclosure |