Asus Cross Site Scrpting And Directory Listing Vulnerability

Hello

I am Adesh Nandkishor Kolte an Independent Cyber Security Resercher From India

I found Two vulnerablities in Asus web Subdomains when i was testing Asus :)

  1. Cross Site Scripting vulnerability
  2. Directory listing vulnerability

1-Cross Site Scripting Vulnerability

Vulnerable URLs:

http://sipfs.asus.com/jsp-examples/cal/cal2.jsp?time=7pm

http://sipfs.asus.com/jsp-examples/cal/cal2.jsp?time=3pm

http://sipfs.asus.com/jsp-examples/cal/cal2.jsp?time=1pm

Payload:

“>%22%3E%3Csvg%20onload=prompt(/xss/)%3E

Status: Patched

About Vulnerability

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

Directory Listing Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws

2.Directory Listing Vulnerability

Vulnerable URLs:

http://sipfs.asus.com/jsp-examples/cal/

http://sipfs.asus.com/jsp-examples/jsp2/el/

About Vulnerabilty

Web servers can be configured to automatically list the contents of directories that do not have an index page present. This can aid an attacker by enabling them to quickly identify the resources at a given path, and proceed directly to analyzing and attacking those resources. It particularly increases the exposure of sensitive files within the directory that are not intended to be accessible to users, such as temporary files and crash dumps.

Directory listings themselves do not necessarily constitute a security vulnerability. Any sensitive resources within the web root should in any case be properly access-controlled, and should not be accessible by an unauthorized party who happens to know or guess the URL. Even when directory listings are disabled, an attacker may guess the location of sensitive files using automated tools.

Got Hall Of Fame for reporting Those vulnerabilities to Asus

Hall Of Fame:

Asus Mail

Reference :

Thanks For Reading :)