By performing a legal web audit (white box) of a client, I found myself in front of a Kodak InSite portal version 8.0.
After reviewing it from top to bottom, I found something curious: the portal had its own system for making a compatibility diagnosis to know if your web browser could work with the Kodak InSite portal.
As expected, this type of web diagnostics contained security deficiencies. Specifically, it was a JS function called “CSDU_DisplayDiagnosticApplet”, which allows code to be injected into the parameter “paramFile” using the GET method.
After informing my client, I contacted Kodak, as it is my duty as Ethical Hacker to try to mitigate this security breach. After numerous e-mails exchanged with Kodak, I am informed that they have no way to validate this security breach if I do not give them access to the Kodak Insite portal that my client has installed. After this “absurd” excuse, I decided to make this vulnerability public through two sources:
I also told Kodak that I could try this problem on any of the Kodak InSite portals that google has indexed. We simply had to ponder “intitle: kodak insite” in google.
Using the second “public source” found in Google, we use one of two payloads from the POC in my packetstormsecurity publication.
I hope you liked it.