Cisco Digital Network Architecture Center 1.3.1.4 – Persistent Cross-Site Scripting

• Exploit Database
• 20 阅读

• 作者： Dylan Garnaud
  日期： 2020-05-12
• 类别：

  • webapps
  平台：

  • java
• 来源：https://www.exploit-db.com/exploits/48459/

• # Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting 
  # Date: 2020-04-16
  # Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France
  # Vendor Homepage: https://www.cisco.com/c/en/us/products/cloud-systems-management/dna-center/index.html
  # Version: Cisco DNA before 1.3.0.6 and 1.3.1.4
  # Tested on: 1.3.0.2
  # CVE : CVE-2019-15253
  # Security advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190205-dnac-xss
  
  
  ## 1 - Network Hierarchy
  - Vulnerable parameter: Floor Name.
  - Payload: ```<script>alert('XSS')</script>```
  - Details: There is no control or security mechanism on this field. Specials characters are not encoded or filtered.
  - Privileges: It requires admin or customer account.
  - Location: Design -> Network Hirearchy -> Building -> Floor -> Field: "Floor name" .
  
  
  ## 2 - User Management
  - Vulnerable parameters: First Name, Last Name .
  - Payload: ```<script>alert('XSS')</script>```
  - Details: There is no control or security mechanism on this field. Specials characters are not encoded or filtered.
  - Privileges: It requires admin account.
  - Location: Settings -> Users -> User Management -> Fields: "First Name" or "Last Name".