0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting Vulnerability

Author

Jonatan Schor

Risk

[

Security Risk High

]

0day-ID

Category

Date add

Platform

# Exploit Title: RAD SecFlow-1v SF_0290_2.3.01.26  - Persistent Cross-Site Scripting
# Exploit Author: Jonatan Schor and Uriel Yochpaz
# Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway
# Version: SecFlow-1v os-image SF_0290_2.3.01.26
# Tested on: RAD SecFlow-1v
# CVE : N/A

A Stored-XSS vulnerability was found in multiple pages in the web-based
management interface of RAD SecFlow-1v.
An attacker could exploit this vulnerability by uploading a malicious file
as the OVPN file in Configuration-Services-Security-OpenVPN-Config or as
the static key file in Configuration-Services-Security-OpenVPN-Static Keys.
These files content is presented to users while executing malicious stored
JavaScript code.
This could be exploited in conjunction with CVE-2020-13259

# Proof of Concept
Upload a file containing the following JS code:
<img src=x onerror=alert(1)>
Refresh the page and observe the malicious JS code execute every time you
browse the compromised page.

# Full Account Takeover
As mentioned above, this exploit could be used in conjunction with
CVE-2020-13259 (CSRF), by using the CSRF exploit to upload a malicious file
to a Stored-XSS vulnerabale page, which could allow Full Account Takeover.
For further information and full PoC:
https://github.com/UrielYochpaz/CVE-2020-13259

# Timeline
May 19th, 2020 - Vulnerability exposed.
May 19th, 2020 – Vulnerability reported to RAD.
May 21th, 2020 – Vulnerability reported to MITRE.
May 21th, 2020 – MITRE assigned CVE: CVE-2020-13260.
May 22th, 2020 – Contacted RAD for further details and cooperation.
Aug 25th, 2020 – RAD patched the vulnerability.

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting Vulnerability

Report Error

Report Error