Hacking Sur La Table's Kiosk
Date: January 16, 2012 09:29AM
So I was perusing around our local Sur La Table and came across this
http://i.imgur.com/LeGpD.jpg
(to the left is a Cisco VoIP phone that it was plugged in to)
Needless to say it caught my attention.
I tried the three-finger salute, I tried the Windows button and Windows + D, and I wasn't getting anywhere.
So I started to poke around the menus and all that I had access to was the website.
No URL bar, no right click to open in new window or save as.
So I was wondering how I could get to another website to potentially download a command prompt or something, when I only have access to their website?
Well, their website is vulnerable to XSS, which allowed me to do a document.location:
http://www.surlatable.com/search/searchContainer.jsp?q="><script>document.location='http://google.com';</script>&s=true
as you can see by: http://i.imgur.com/dMGpS.jpg
Another potential option would have been, via their home page, the ads for their Twitter and Facebook pages.
So obviously they didn't have a whitelist/blacklist of URLs to visit.
I was not able to exploit any further, as my significant other was catching on to what I was doing.
But with it being tied into the Cisco phones, I would place a bet that it is tied into the same system as the cash registers. (just speculating here)
So happy hacking!
http://www.xssed.com/archive/author=PaPPy/
Edited 2 time(s). Last edit at 01/16/2012 09:35AM by PaPPy.
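The post above shows two separate failures: the search page reflects the q parameter into the HTML unencoded, and the kiosk shell navigates wherever the page's script points it. The following is an added example (not code from the thread or from Sur La Table's site) that demonstrates both, using hypothetical markup for the search page and a hypothetical allowlist; SAMPLE_Q is a constructed input shaped like the payload in the post.

```javascript
// Added example, not from the thread. Markup for searchContainer.jsp is
// hypothetical; the real page's HTML is not shown in the post.

// Vulnerable: the q parameter is dropped straight into a value="" attribute,
// so a value containing "> closes the attribute and the tag.
function renderSearchVulnerable(q) {
  return `<input name="q" value="${q}"><div id="results"></div>`;
}

// Hardened: encode the HTML-significant characters before reflection, so the
// same input stays inside the attribute as inert text.
function encodeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}
function renderSearchSafe(q) {
  return `<input name="q" value="${encodeHtml(q)}"><div id="results"></div>`;
}

// Detection check: the template never emits a <script> element, so finding
// one in the rendered output means the input broke out of its attribute.
function containsInjectedScript(html) {
  return /<script[\s>]/i.test(html);
}

// Kiosk-side mitigation (hypothetical allowlist): the browser shell should
// refuse any navigation whose scheme or host is not on the allowlist, no
// matter what script on the current page requests.
function isAllowedKioskUrl(url, allowedHosts) {
  let parsed;
  try { parsed = new URL(url); } catch { return false; }
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return false;
  return allowedHosts.includes(parsed.hostname.toLowerCase());
}

// Constructed sample input shaped like the post's payload: it closes the
// attribute and then asks the browser to navigate elsewhere.
const SAMPLE_Q = `"><script>document.location='http://example.org';</script>`;
```

Run `containsInjectedScript(renderSearchVulnerable(SAMPLE_Q))` against `containsInjectedScript(renderSearchSafe(SAMPLE_Q))` to see the encoding fix, and `isAllowedKioskUrl` with a one-host allowlist to see why the redirect in the post should have been blocked at the kiosk regardless of the XSS.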
Re: Hacking Sur La Table's Kiosk
Date: January 16, 2012 01:01PM
Very nice! If you can't download/execute files, perhaps you could use some JS to find out what the browser is and see if it has known exploits.
edit: You can probably access the POS system with the free Wi-Fi, but that's boring.
Edited 1 time(s). Last edit at 01/16/2012 01:10PM by Albino.