what you don't know can hurt you

Huawei SEQ Analyst Cross Site Scripting

Huawei SEQ Analyst Cross Site Scripting
Posted Apr 16, 2015
Authored by Ugur Cihan KOC

Huawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-2347
MD5 | f4a89fb1769f765f9bb6b98b6b53c522

Huawei SEQ Analyst Cross Site Scripting

Change Mirror Download
#Document Title:
============
Huawei SEQ Analyst - Multiple Reflected Cross Site Scripting (XSS)

#Release Date:
===========
15 Apr 2015

#CVE-ID:
=======
CVE-2015-2347

#Product & Service Introduction:
=======================
SEQ Analyst is a platform for business quality monitoring and management by
individual user and multiple vendors in a quasi-realtime and retraceable
manner
More Details & Manual ;
http://download.huawei.com/download/filedownload.do?modelID=bulletin&refID=IN0000056669,101

#Vulnerability Disclosure Timeline:
========================
3 Mar 2015 Bug reported to the vendor.
6 Mar 2015 Vendor returned ; investigating
16 Mar 2015 Asked about the case.
16 Mar 2015 Vendor has validated the issue.
17 Mar 2015 There aren't any fix the issue.
18 Mar 2015 CVE number assigned
15 Apr 2015 Fixed

#Affected Product(s):
===============
Huawei Technologies Co. Ltd.
Product: Huawei SEQ Analyst V200R002C03LG0001SPC100 (other versions may be
vulnerable)

#Exploitation Technique:
=================
Local, Authenticated

#Technical Details:
========================
Sample Payload : 261e9<script>alert(1)</script>57114
Affected Path/Parameter: [4 parameter]
/common/flexdata.action
[command XML parameter]
/monitor/flexdata.action
[command XML parameter]
[module XML parameter]
/psnpm/flexdata.action
[command XML parameter]

#Proof of Concept (PoC):
==================
https://drive.google.com/folderview?id=0B-LWHbwdK3P9fnBlLWZqWlZqNnB0b2xHWFpYUWt3bmY3Y0lPUHVLNm9VTUlFcWhYTHlZSUU&usp=sharing

#Solution Fix & Patch:
================
15 Apr 2015 Fixed version --> SEQ Analyst V200R002C03LG0001CP0022

#Credits & Authors:
==============
Ugur Cihan Koc
@_uceka_
www.uceka.com


Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close