Skip to content

Instantly share code, notes, and snippets.

@med0x2e

med0x2e/gist:2715d32602ba688ea3bc239a3d5f8214

Created May 24, 2019 14:00
Show Gist options
  • Save med0x2e/2715d32602ba688ea3bc239a3d5f8214 to your computer and use it in GitHub Desktop.
Save med0x2e/2715d32602ba688ea3bc239a3d5f8214 to your computer and use it in GitHub Desktop.
Download ZIP
Samsung SCX-824 - XSS
Raw
gistfile1.txt
[Suggested description]
Samsung printer model "SCX-824" web console is vulnerable to
a reflected Cross-Site-Scripting (XSS) vulnerability which can be
triggered by using "print from file" feature which forward the
user to the following URL:
"http://<PRINTER_IP>/sws/swsAlert.sws?popupid=successMsg&type=alert&bullet=suc&func=&Nfunc=closePopup("successMsg","","")&flag=&frame=&msg="/><script>alert('XSS');</script>
The vulnerable parameter "msg" is not properly encoded before interepred as HTML/JS.
------------------------------------------
[Vulnerability Type]
Cross Site Scriptiong - XSS
------------------------------------------
[Vendor of Product]
HP
------------------------------------------
[Affected Product Code Base]
Samsung printer model "SCX-824"
------------------------------------------
[Affected Component]
Samsung printer model "SCX-824" "print from file" feature
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Denial of Service]
false
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[CVE Impact Other]
Privilege escalation, user impersonation using stolen credentials/cookies.
------------------------------------------
[Discoverer]
Elazaar Mohamed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment