what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ServersCheck Monitoring Software Cross Site Scripting

ServersCheck Monitoring Software Cross Site Scripting
Posted Dec 22, 2017
Authored by Aloyce J. Makalanga

ServersCheck Monitoring Software versions prior to 14.2.3 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2017-17832
SHA-256 | 049e6c97e6148e6901b69dff7cce9f1a2c50b27b741b2ba8c7a09abd0fa80032

ServersCheck Monitoring Software Cross Site Scripting

Change Mirror Download
# Exploit Title: ServersCheck Monitoring Software before 14.2.3 Cross-site  scripting vulnerability
# CVE: CVE-2017-17832
# Date: 21-12-2017
# Exploit Author: Aloyce J. Makalanga
# Contact: https://twitter.com/aloycemjr <https://twitter.com/aloycemjr>
# Vendor Homepage: http://serverscheck.com
# Category: webapps
# Attack Type: Remote
# Impact: Data/Cookie theft

***Disclosure Timeline***

20-12-2017 - Vulnerability discovered
20-12-2017 - Vulnerability reported to the vendor
21-12-2017 - Vendor responded indicating that a patch will be available within 24 hours
21-12-2017 - Patch released (See https://serverscheck.com/monitoring-software/release.asp <https://serverscheck.com/monitoring-software/release.asp> )


1. Description


ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). If exploited, an authenticated attacker could steal victims' cookie, session tokens or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.


2. Proof of Concept

See: https://serverscheck.com/monitoring-software/release.asp <https://serverscheck.com/monitoring-software/release.asp>





3. Solution:

Update to version 14.2.3
http://downloads.serverscheck.com/monitoring_software/setup.exe
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close