Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Hacking Sur La Table's Kiosk
Posted by: PaPPy
Date: January 16, 2012 09:29AM

So I was perusing around our local Sur La Table and came across this

http://i.imgur.com/LeGpD.jpg

(to the left is a Cisco VoIP phone that it was plugged in to)

Needless to say it caught my attention.

I tried the 3 finger salute, I tried the Windows button, and the windows + D button and I wasn't getting anywhere.

So I started to poke around the menus and all that I had access to was the website.
No URL bar, no right click to open in new window or save as.

So I was wondering how I could get to another website to potentially download an command prompt or something, when I only have access to their website?

Well their website is vulnerable to XSS which allowed me to do a document.location

http://www.surlatable.com/search/searchContainer.jsp?q="><script>document.location='http://google.com';</script>&s=true

as you can see by: http://i.imgur.com/dMGpS.jpg

Another potentional option would have been via their home page, is their ads to their twitter and facebook pages.

So obviosuly they didn't have a whitelist/blacklist of URLs to visit.

I was not able to exploit any further, as my significant other was catching on to what I was doing.

But with it being tied into the Cisco phones, I would place a bet that it is tied into the same system as the cash registers. (just speculating here)

So happy hacking!

http://www.xssed.com/archive/author=PaPPy/



Edited 2 time(s). Last edit at 01/16/2012 09:35AM by PaPPy.

Options: ReplyQuote
Re: Hacking Sur La Table's Kiosk
Posted by: Albino
Date: January 16, 2012 01:01PM

Very nice! If you can't download/execute files, perhaps you could use some js to find out what the browser is, see if it has known exploits..

edit: You can probably access the POS system with the free wifi but that's boring



Edited 1 time(s). Last edit at 01/16/2012 01:10PM by Albino.

Options: ReplyQuote


Sorry, only registered users may post in this forum.