ASUS RT-N56U 3.0.0.4.374_239 Cross Site Scripting

Posted Feb 4, 2016
Authored by Nicholas Lehman

ASUS RT-N56U version 3.0.0.4.374_239 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 87441652c6842207664db5e93c4cca7115dd476b58654fed698224aba77c8880

# Exploit Title: ASUS RT-N56U Persistent XSS
# Date: 2/2/2016
# Exploit Author: @GraphX
# Vendor Homepage: https://asus.com/
# Version: 3.0.0.4.374_239

1 Description:
An authenticated attacker can bypass input sanitization in the username
input field of the Server Center page. No interception proxy is required:
using the browser's developer console, the attacker changes the username
field value after the third verification task completes and before
password sanitization begins in the modify_account.asp file.

Alternatively, an attacker can bypass client-side sanitization altogether
by submitting a valid option and then changing the parameters in an
interception proxy.

There is a small amount of server-side sanitization, but it is easily
circumvented by making sure (in this example) the field value ends up
looking like this: user"><img onerror=alert(1) src=blah>. Keeping the
src parameter as far to the right as possible appears to circumvent any
server-side sanitization attempts.

2 Proof of Concept

1) Log in to the router.

2) Navigate to:
http://<router_IP>/aidisk/modify_account.asp?account=user&new_account=user<img
onclick="javascript:alert(1)"
src=blah>&new_password=123&confirm_password=123

3 Solution:
Don't buy ASUS Routers.
**********NOTE******************
Other router models are likely affected by this vulnerability as they
appear to share the same or similar firmware (example: RT-N66U).
I have been unable to confirm this theory as the vendor is unresponsive.