Asus Cross Site Scripting And Directory Listing Vulnerability

Adesh Kolte
Jan 23, 2018 · 3 min read

Hello

I am Adesh Nandkishor Kolte, an independent cyber security researcher from India.

I found two vulnerabilities in Asus web subdomains when I was testing Asus :)

  1. Cross Site Scripting vulnerability
  2. Directory listing vulnerability

1. Cross Site Scripting Vulnerability

Vulnerable URLs:

http://sipfs.asus.com/jsp-examples/cal/cal2.jsp?time=7pm

http://sipfs.asus.com/jsp-examples/cal/cal2.jsp?time=3pm

http://sipfs.asus.com/jsp-examples/cal/cal2.jsp?time=1pm

Payload:

“>%22%3E%3Csvg%20onload=prompt(/xss/)%3E

Status: Patched

About Vulnerability

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
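
An added example, not code from the original post or from the affected application: a Python stand-in for a page that reflects the `time` query parameter, showing the unencoded pattern beside output encoding and input validation. The hidden-input markup, the function names and the time-slot format are assumptions; the sample request is constructed from the path and the percent-encoded part of the payload listed above.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed request: path from the post, encoded payload in `time`.
SAMPLE_URL = ("/jsp-examples/cal/cal2.jsp"
              "?time=%22%3E%3Csvg%20onload=prompt(/xss/)%3E")

# Assumed format of legitimate values, based on the 1pm/3pm/7pm URLs.
TIME_RE = re.compile(r"(?:1[0-2]|[1-9])(?:am|pm)")

# Assumed markup: the value is reflected inside a quoted attribute.
TEMPLATE = '<input type="hidden" name="time" value="%s">'


def get_time(url):
    """Return the percent-decoded `time` parameter, as the server sees it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("time", [""])[0]


def render_unsafe(url):
    """Vulnerable pattern: raw input concatenated into the attribute."""
    return TEMPLATE % get_time(url)


def render_encoded(url):
    """Output encoding: quotes and angle brackets become entities."""
    return TEMPLATE % html.escape(get_time(url), quote=True)


def render_validated(url):
    """Validation plus encoding: reject anything that is not a time slot."""
    if not TIME_RE.fullmatch(get_time(url)):
        return None  # caller should answer 400 Bad Request
    return render_encoded(url)


if __name__ == "__main__":
    print("unsafe   :", render_unsafe(SAMPLE_URL))
    print("encoded  :", render_encoded(SAMPLE_URL))
    print("validated:", render_validated(SAMPLE_URL))
```

Encoding alone keeps the value inside the attribute; the allowlist additionally rejects the request before anything is rendered.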

2. Directory Listing Vulnerability

Vulnerable URLs:

http://sipfs.asus.com/jsp-examples/cal/

http://sipfs.asus.com/jsp-examples/jsp2/el/

About Vulnerability

Web servers can be configured to automatically list the contents of directories that do not have an index page present. This can aid an attacker by enabling them to quickly identify the resources at a given path, and proceed directly to analyzing and attacking those resources. It particularly increases the exposure of sensitive files within the directory that are not intended to be accessible to users, such as temporary files and crash dumps.

Directory listings themselves do not necessarily constitute a security vulnerability. Any sensitive resources within the web root should in any case be properly access-controlled, and should not be accessible by an unauthorized party who happens to know or guess the URL. Even when directory listings are disabled, an attacker may guess the location of sensitive files using automated tools.

Got Hall of Fame for reporting those vulnerabilities to Asus

Hall Of Fame:

Asus Mail

Reference :

Thanks For Reading :)
