Kodi 17.6 – Persistent Cross-Site Scripting

• Exploit Database
• 116 阅读

• 作者： Manuel García Cárdenas
  日期： 2018-04-18
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/44487/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83

  ============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised:April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) - CVE-ID: CVE-2018-8831 =============================================   I. VULNERABILITY ------------------------- Kodi <= 17.6 - Persistent Cross-Site Scripting   II. BACKGROUND ------------------------- Kodi (formerly XBMC) is a free and open-source media player software application developed by the XBMC Foundation, a non-profit technology consortium. Kodi is available for multiple operating systems and hardware platforms, with a software 10-foot user interface for use with televisions and remote controls.   III. DESCRIPTION ------------------------- Has been detected a Persistent XSS vulnerability in the web interface of Kodi, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user&apos;s browser.   IV. PROOF OF CONCEPT ------------------------- Go to: Playlist -> Create   Create a playlist injecting javascript code:   <img src=x onerror=alert(1)>   The XSS is executed, in the victim browser.   V. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user&apos;s browser, this can leverage to steal sensitive information as user credentials, personal data, etc.   VI. SYSTEMS AFFECTED ------------------------- Kodi <= 17.6   VII. SOLUTION ------------------------- Vendor include the fix: https://trac.kodi.tv/ticket/17814   VIII. REFERENCES ------------------------- https://kodi.tv/   IX. CREDITS ------------------------- This vulnerability has been discovered and reported by Manuel Garcia Cardenas (advidsec (at) gmail (dot) com).   X. REVISION HISTORY ------------------------- March 19, 2018 1: Initial release April 16, 2018 2: Last revision   XI. DISCLOSURE TIMELINE ------------------------- March 19, 2018 1: Vulnerability acquired by Manuel Garcia Cardenas March 19, 2018 2: Send to vendor March 30, 2018 3: Vendo fix April 16, 2018 4: Sent to lists   XII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.   XIII. ABOUT ------------------------- Manuel Garcia Cardenas Pentester