Twenty Year Anniversary

Open-AudIT Community 2.2.6 Cross Site Scripting

Open-AudIT Community 2.2.6 Cross Site Scripting
Posted Aug 6, 2018
Authored by Ranjeet Jaiswal

Open-AudIT Community version 2.2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-14493
MD5 | b63b5e92b84bb9d132ea06a01ab61ab9

Open-AudIT Community 2.2.6 Cross Site Scripting

Change Mirror Download
# Exploit Title: Open-AudIT Community 2.2.6 - Cross-Site Scripting
# Google Dork:NA
# Exploit Date: 2018-08-01
# Exploit Author: Ranjeet Jaiswal
# Vendor Homepage: https://opmantek.com/
# Software Link:https://opmantek.com/network-tools-download/open-audit/
# Affected Version: 2.2.6
# Category: WebApps
# Tested on: Windows 10
# CVE : CVE-2018-14493

# 1. Vendor Description:
# Network Discovery and Inventory Software | Open-AudIT | Opmantek
# Discover what's on your network
# Open-AudIT is the world's leading network discovery, inventory and audit
# program. Used by over 10,000 customers.

# 2. Technical Description:
# Cross-site scripting (XSS) vulnerability on Groups Page in Open-AudIT
# Community edition in 2.2.6 allows remote attackers to inject arbitrary web
# script or HTML in group name,as demonstrated in below POC.

# 3. Proof Of Concept:
# 3.1. Proof of Concept for Injecting html contain
# Step to reproduce.
# Step1:Login in to Open-Audit
# Step2:Go to Group page
# Step3:Select any group which are listed
# Step4:click on "Details tab".
# Step5:In the Name field put the following payload and saveit.

<p>Sorry! We have moved! The new URL is: <a href="http://geektyper.com/
">Open-Audit</a></p>

# Step6:Click on "View Tab" in which payload is put.
# Step7:When user Click on View Tab.User will see redirection hyperlink.
# Step8:When user click on link ,User will be redirected to Attacker or
# malicious website.

# 3.2. Proof of Concept for Injecting web script(Cross-site scripting)

# #Step to reproduce.
# Step1:Login in to Open-Audit
# Step2:Go to Groups page
# Step3:Select any group which are listed
# Step4:click on "Details tab" in which payload is put.
# Step5:In the Name field put the following payload and Saveit.

<script>alert(hack)</script>

# Step6:Click on "View Tab" of group in which payoad is put.
# Step7:When user Click on View Tab an Alert Popup will execute.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close