what you don't know can hurt you

Manage Engine Device Expert 5.9.9.0 Cross Site Scripting

Manage Engine Device Expert 5.9.9.0 Cross Site Scripting
Posted Mar 23, 2015
Authored by Kaustubh G. Padwad

Manage Engine Device Expert version 5.9.9.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 0c28afbd1b355f909ade578987e45261

Manage Engine Device Expert 5.9.9.0 Cross Site Scripting

Change Mirror Download
===============================================================================
Stored XSS Vulnerability In Manage Engine Device Expert
===============================================================================

. contents:: Table Of Content

Overview
========

* Title :Stored XSS Vulnerability In Manage Engine Device Expert
* Author: Kaustubh G. Padwad
* Plugin Homepage: http://www.manageengine.com/products/device-expert/
* Severity: HIGH
* Version Affected: Version 5.9.9.0 Build: 5990
* Version Tested : Version 5.9.9.0 Build: 5990
* version patched: Separate Patch release for all version

Description
===========

About the Product
=================
DeviceExpert is a web–based, multi vendor network change, configuration and compliance management (NCCCM) solution for switches, routers, firewalls and other network devices. Trusted by thousands of network administrators around the world, DeviceExpert helps automate and take total control of the entire life cycle of device configuration management.

Vulnerable Parameter
--------------------

* Login Name



About Vulnerability
-------------------
This Product is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can execute arbitrary code into Admin manage console. Once exploited, admin’s browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies etc.

Vulnerability Class
===================
Cross Site Request Forgery (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29)
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)

Steps to Reproduce: (POC)
=========================

1. After Setting up Manage engine Login to manage engine Device expert

2. Navigate to admin-->User Management-->New User

3.Put this Payload into Login Name

4.Fill the other details

#####payload To Use#######################
<BODY ONLOAD=alert('Hacked_ByS3curity_B3ast')>
##########################################

5. Click Save to See Stored XSS in action

6. Reload Pages to see it many times you want ;)

7. Same can be done By CSRF also :)

. image:: stoerdXSS.jpeg
:height: 1000 px
:width: 1000 px
:scale: 100 %
:alt: XSS POC
:align: center




Mitigation
==========
Receved from manage engine team

https://uploads.zohocorp.com/Internal_Useruploads/dnd/NetFlow_Analyzer/o_19ga51p951gblpbs1rkrm211vim1/vulnerabilities_Fix.zip

Open DeviceExper.zip

1. Stop the Device Expert service.
2. Please replace AdvNCM.jar under DeviceExpert_Home/lib with the one under DeviceExpert.zip/AdvNCM.jar
3. Start the Device Expert service


Change Log
==========


Disclosure
==========
11-February-2015 Reported to Developer
13-February-2015 Acknodlagement from Developer
13-March-2015 Fixed by developer
16-March-2015 Requested a cve ID
21-March-2015 Public Disclosed
credits
=======
* Kaustubh Padwad
* Information Security Researcher
* kingkaustubh@me.com
* https://twitter.com/s3curityb3ast
* http://breakthesec.com
* https://www.linkedin.com/in/kaustubhpadwad
Login or Register to add favorites

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close