Exploits / Vulnerability Discovered : 2019-01-07 | Type : webapps | Platform : windows
This exploit / vulnerability, Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML code injection, is for educational purposes only; if you use it, you do so at your own risk!
Vendor: Leica Geosystems AG
Product web page: https://www.leica-geosystems.com
Affected version: 4.30.063
                  4.20.232
                  4.11.606
                  3.22.1818
                  3.10.1633
                  2.62.782
                  1.00.395
Summary: The Leica GR10 is the next generation GNSS reference station receiver
that combines the latest state-of-the-art technologies with a streamlined
'plug and play' workflow. Designed for a wide variety of GNSS reference station
applications, the Leica GR10 offers new levels of simplicity, reliability and
performance.
Desc: The application suffers from a stored XSS vulnerability. The issue is
triggered via an unrestricted file upload when restoring a config file, which
allows an attacker to upload an HTML or JavaScript file that will be stored in
/settings/poc.html. This can be exploited to execute arbitrary HTML or JS
code in a user's browser session in the context of an affected site.
Tested on: BarracudaServer.com (WindowsCE)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
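
A server-side check for the config-restore upload described under Desc, as an added example that is not part of the original advisory or the vendor's code. The `.cfg` extension, the key=value backup format, the size limit and all function names are assumptions; the advisory does not state the real backup format.

```python
import re
from pathlib import PurePosixPath

# Assumptions (not from the advisory): backups are small key=value text
# files with a .cfg extension; the real format is not stated on the page.
ALLOWED_EXTENSIONS = {".cfg"}
MAX_SIZE = 256 * 1024

# Markup a browser would treat as active content if the file were served back.
ACTIVE_CONTENT = re.compile(
    rb"<\s*(?:!doctype|html|head|body|script|iframe|svg|img|object|embed|link|meta)\b"
    rb"|javascript\s*:",
    re.IGNORECASE,
)


def check_restore_upload(filename: str, data: bytes) -> list:
    """Return the reasons to reject a restore upload; an empty list means accept."""
    reasons = []
    name = PurePosixPath(filename.replace("\\", "/")).name
    if name != filename:
        reasons.append("filename contains path components")
    ext = PurePosixPath(name).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        reasons.append(f"extension {ext!r} is not allowed")
    if len(data) > MAX_SIZE:
        reasons.append("file exceeds size limit")
    if ACTIVE_CONTENT.search(data):
        reasons.append("content contains HTML/JS markup")
    return reasons


def download_headers() -> dict:
    """Headers for serving a stored backup so a browser never renders it."""
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": "attachment",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a device.
    samples = {
        "station.cfg": b"site_name=REF01\nlog_interval=30\n",
        "poc.html": b"<html><script>/* constructed */</script></html>",
    }
    for fname, body in samples.items():
        print(fname, check_restore_upload(fname, body) or "accepted")
```

The extension allow-list and the content check are independent, so a file with an allowed name but embedded markup is still rejected, and the download headers cover anything that was stored before the check existed.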