Twonky Server 8.5 has XSS via a modified "language" parameter in the Language section.
[Additional Information]
> Steps for reproduction:
> 1. Navigate to System and then move to Language section.
>
> 2. Set the language to "Italiano".
>
> 3. Click on "save changes" and intercept the POST request for the same.
>
> 4. Replace the selected "language" parameter with the payload <img src=/ onerror=alert(1)>
>
> 5. XSS is executed.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> Lynx Technology
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Twonky Media Server - 8.5
>
> ------------------------------------------
>
> [Affected Component]
> Twonky Media Server v8.5
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> I was able to identify reflective XSS in the "language" parameter while changing the language for the product.
>
> ------------------------------------------
>
> [Fixed version]
> TwonkyMedia Server version 8.5.1
>
> [Discoverer]
> Priyank Sethi, Prafull Agarwal
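
Added example (not part of the original advisory and not Twonky's code): a sketch of the flawed pattern described above, where a value the UI only offers through a drop-down is reflected into HTML unchanged, next to a hardened handler that allowlists the value server-side and encodes on output. The function names and the language list other than "Italiano" are assumptions made for illustration.

```python
import html
from typing import Tuple

# Assumption: values the language drop-down can legitimately submit.
# Only "Italiano" appears in the advisory; the others are constructed.
ALLOWED_LANGUAGES = {"English", "Deutsch", "Italiano"}

# Test string quoted in step 4 of the advisory.
PAYLOAD = "<img src=/ onerror=alert(1)>"


def render_vulnerable(language: str) -> str:
    """Flawed pattern: the submitted value is reflected into HTML unchanged."""
    return f"<p>Language set to: {language}</p>"


def encode_for_html(value: str) -> str:
    """Context-appropriate output encoding for an HTML text node or attribute."""
    return html.escape(value, quote=True)


def validate_language(language: str) -> str:
    """Server-side allowlist. The drop-down constrains the browser, not the
    request, so an intercepted POST can carry any string."""
    if language in ALLOWED_LANGUAGES:
        return language
    raise ValueError("unsupported language value")


def render_hardened(language: str) -> Tuple[int, str]:
    """Return (HTTP status, body): reject unknown values, encode known ones."""
    try:
        chosen = validate_language(language)
    except ValueError:
        # Never echo the rejected input back, not even in the error text.
        return 400, "<p>Unsupported language.</p>"
    # Encoding stays as a second layer even though the value is allowlisted,
    # so a later change to the allowlist cannot reintroduce the reflection.
    return 200, f"<p>Language set to: {encode_for_html(chosen)}</p>"


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD))
    print("hardened:  ", render_hardened(PAYLOAD))
    print("hardened:  ", render_hardened("Italiano"))
```

Either control alone stops this specific reflection; keeping both means a gap in one does not reopen the issue.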