0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting Vulnerability
# Exploit Title: RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting # Exploit Author: Jonatan Schor and Uriel Yochpaz # Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway # Version: SecFlow-1v os-image SF_0290_2.3.01.26 # Tested on: RAD SecFlow-1v # CVE : N/A A Stored-XSS vulnerability was found in multiple pages in the web-based management interface of RAD SecFlow-1v. An attacker could exploit this vulnerability by uploading a malicious file as the OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. These files content is presented to users while executing malicious stored JavaScript code. This could be exploited in conjunction with CVE-2020-13259 # Proof of Concept Upload a file containing the following JS code: <img src=x onerror=alert(1)> Refresh the page and observe the malicious JS code execute every time you browse the compromised page. # Full Account Takeover As mentioned above, this exploit could be used in conjunction with CVE-2020-13259 (CSRF), by using the CSRF exploit to upload a malicious file to a Stored-XSS vulnerabale page, which could allow Full Account Takeover. For further information and full PoC: https://github.com/UrielYochpaz/CVE-2020-13259 # Timeline May 19th, 2020 - Vulnerability exposed. May 19th, 2020 – Vulnerability reported to RAD. May 21th, 2020 – Vulnerability reported to MITRE. May 21th, 2020 – MITRE assigned CVE: CVE-2020-13260. May 22th, 2020 – Contacted RAD for further details and cooperation. Aug 25th, 2020 – RAD patched the vulnerability. # 0day.today [2024-12-24] #