exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting

ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting
Posted Jul 29, 2011
Authored by Narendra Shinde

ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4307cd7c0b9620083e36f686fe14e007f7ca64884c5ceaa83beff75b77a767ac

ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting

Change Mirror Download

=======================================================================
Secur-I Research Group Security Advisory [ SV-2011-003]
=======================================================================
Title: ManageEngine ServiceDesk Plus 8.0 Build 8013 Multiple Persistence Cross Site Scripting Vulnerabilities
Product: ServiceDesk Plus
Vulnerable version: 8.0 Build 8013 (Other versions could also be affected)
Fixed version: N/A
Impact: Medium
Homepage: http://www.manageengine.com/
Vulnerability ID: SV-2011-003
Found: 2011-07-08
By: Narendra Shinde
Secur-I Research Group
http://securview.com/
=======================================================================


Vendor description:
-------------------
ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT effectively. It helps you implement ITIL best practices and troubleshoot IT service requests faster. ServiceDesk Plus is highly customizable, easy-to-implement help desk software. More than 10,000 IT managers worldwide use ServiceDesk Plus to manage their IT help desk and assets.ServiceDesk Plus is available in 23 different languages.

Source: http://www.manageengine.com/products/service-desk/


Vulnerability Information:
-------------------------
Class: Improper Neutralization of Input during Web Page Generation
('Cross-site Scripting') [CWE-79]
Impact: Insertion and Execution of malicious scripts in user browser
Remotely Exploitable: Yes
Authentication Required: Yes
User interaction Required : Yes



Vulnerability overview/description:
-----------------------------------
ServiceDesk Plus version 8.0 Build 8013 is prone to multiple persistent cross-site scripting vulnerabilities as the user-supplied input received via certain parameters is not properly sanitized.

This can be exploited by submitting specially crafted input to the affected software. Successful exploitation could allow the attacker to execute arbitrary script code within the user's browser session in the security context of the targeted site. The attacker could gain access to user's cookies (including authentication cookies), if any, associated with the targeted site, access recently submitted data by the target user via web forms, or take actions on the site masquerading as the target user.



Proof-of-Concept(PoC):

a)
URL: http://vulnerableserver/SetUpWizard.do?forwardTo=technician&fromModule=QuickAction
Action: Configuration wizard – Add New Technician
Vulnerable Parameter: Name
Test string used: “><script>alert(“SecurView”)</scrip

b)
URL: http://vulnerableserver/SiteDef.do
Action: Add a new site
Vulnerable Parameter: Site name
Test string used: “><script>alert(“SecurView”)</script>

c)
URL: http://vulnerableserver/GroupResourcesDef.do
Action: Create Group
Vulnerable Parameter: Group Name
Test string used: “><script>alert(“SecurView”)</script>

d)
URL: http://vulnerableserver/LicenseAgreement.do?operation=newagreement
Action: Add new license agreement
Vulnerable Parameter: Agreement Number
Test string used: “><script>alert(“SecurView”)</script>

e)
URL: http://vulnerableserver/ManualNodeAddition.do?isServer=true
Action: Server Configuration – Computer
Vunlerable parameter: Name
Test string used: “><script>alert(“Securview”)</script>




Workaround:
-----------
Proper user input filtering. For more details please refer:
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

Timeline:
---------
Vulnerability Found : 14/7/2011
Reported to Vendor : 14/7/2011
Confirmation from vendor : 19/7/2011
Public Disclosure : 29/7/2011


Thanks & Regards,
Narendra.

Confidentiality: This e-mail and any attachments may be confidential and may also be privileged. If you are not an intended named recipient, please notify the sender immediately and do not disclose the contents to another person use it for any purpose, or store or copy the information in any medium.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close