Flexense DiskPulse 10.7 Cross Site Scripting

Flexense DiskPulse 10.7 Cross Site Scripting: Posted May 2, 2018; Authored by Francisco Javier Santiago Vazquez; Flexense DiskPulse versions 10.1 through 10.7 suffer from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2018-10563; SHA-256 | 6eadf22018c1b4e37e5377d52998110dcdb2f091ef9a7d117aeef95446a1afbf; Download | Favorite | View

Flexense DiskPulse 10.7 Cross Site Scripting

 *Description:*
URL: localhost/
Affected Component: */?n0ipr0cs<script>alert('XSS')</script>n0ipr0cs=1*

*Vulnerability Type:*
Cross Site Scripting https://cwe.mitre.org/data/definitions/79.html

*Vendor of Product: *
Flexense DiskPulse

*Version: *
from v10.4 to v10.7.

*Attack Type: *
Remote

*Impact: *
This attack allows an attacker code execution. The vulnerability affects
the confidentiality of personal data, possible theft of confidential
information, for example credentials of session, cookie information,
personal information, or a possible loss of control of the PC.

*About:*
DiskPulse is a real-time disk change monitoring solution allowing one to
monitor one or more disks or directories, save reports and disk change
monitoring statistics, export detected changes to a centralized SQL
database, execute custom commands and send E-Mail notifications when
unauthorized changes are detected in critical system files.

*Credits:*
This vulnerability have been discovered by
Francisco Javier Santiago VA!zquez  aka "n0ipr0cs"
https://es.linkedin.com/in/francisco-javier-santiago-v%C3%A1zquez-1b654050
https://twitter.com/n0ipr0cs

*Disclosure Timeline:*
April 07, 2018: Vulnerability acquired by Francisco Javier Santiago
VA!zquez. aka "n0ipr0cs".
April 07, 2018: Responsible disclosure to Flexense Security Team.
April 18, 2018: Second Message Responsible disclosure to Flexense Security
Team.
April 26, 2018: The vulnerability has been fixed.The new product version
(v10.8) fixes a number of bugs and security vulnerabilities, this include
CVE-2018-10563
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10563>
April 30, 2018: Disclosure of vulnerability.

*Link:*
http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions

<http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions>



<https://about.me/javiersantiagovazquez?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb>
F. Javier Santiago VA!zquez
about.me/javiersantiagovazquez
<https://about.me/javiersantiagovazquez?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb>

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 60 files
Debian 32 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
liquidsky 3 files
kai6u 3 files
malvuln 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

Flexense DiskPulse 10.7 Cross Site Scripting

Flexense DiskPulse 10.7 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Flexense DiskPulse 10.7 Cross Site Scripting

Share This

Flexense DiskPulse 10.7 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems