Exploits / Vulnerability Discovered : 2018-09-12 |
Type : webapps |
Platform : windows
This exploit / vulnerability Synaman 4.0 build 1488 (authenticated) crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
Description
-----------------------------------------------------------------
SynaMan 4.0 suffers from Authenticated Cross Site Scripting (XSS)
Prerequisites
-----------------------------------------------------------------
Admin access to Synaman web console
Proof of Concept
-----------------------------------------------------------------
From Configuration > Advanced Configuration > Partial Branding
- Main heading
- Sub heading
If one were to apply the following XSS payload in either of the fields, alert pop-ups with xss would be present on navigation throughout the web app
<script>alert("xss");</script>
While Chrome does block the XSS payload on apply, simply hitting the back button and selecting "Explore" the payload is stored
Timeline
---------------------------------------------------------------------
05-07-18: Vendor notified of vulnerabilities
05-08-18: Vendor responded and will fix
07-25-18: Vendor fixed in new release
09-12-18: Submitted public disclosure