Created
June 5, 2018 14:30
-
-
Save priyanksethi/08fb93341cf7e61344aad5c4fee3aa9b to your computer and use it in GitHub Desktop.
Twonky Server 8.5 has XSS via a modified "language" parameter in the Language section.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Additional Information] | |
> Steps for reproduction: | |
> 1. Navigate to System and then move to Language section. | |
> | |
> 2. Select the language to "Italiano" | |
> | |
> 3. Click on "save changes" and intercept the POST request for the same. | |
> | |
> 4. Replace the selected "language" parameter with payload <img src=/ onerror=alert(1)> | |
> | |
> 5. XSS is executed. | |
> | |
> ------------------------------------------ | |
> | |
> [Vulnerability Type] | |
> Cross Site Scripting (XSS) | |
> | |
> ------------------------------------------ | |
> | |
> [Vendor of Product] | |
> Lynx Technology | |
> | |
> ------------------------------------------ | |
> | |
> [Affected Product Code Base] | |
> Twonky Media Server - 8.5 | |
> | |
> ------------------------------------------ | |
> | |
> [Affected Component] | |
> Twonky Media Server v8.5 | |
> | |
> ------------------------------------------ | |
> | |
> [Attack Type] | |
> Remote | |
> | |
> ------------------------------------------ | |
> | |
> [Impact Code execution] | |
> true | |
> | |
> ------------------------------------------ | |
> | |
> [Attack Vectors] | |
> I was able to identify reflective XSS in "language" parameter while changing the language for the product | |
> ------------------------------------------ | |
> | |
> [Fixed version] | |
> TwonkyMedia Server version 8.5.1 | |
> | |
> [Discoverer] | |
> Priyank Sethi, Prafull Agarwal |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment