S21SEC-038-en.txt

S21SEC-038-en.txt: Posted Oct 18, 2007; Authored by Juan de la Fuente Costa, Pablo Seijo Cajaraville | Site s21sec.com; S21sec has discovered a vulnerability in Alcatel Omnivista 4760 that allows injection of javascript code in text variables.; tags | exploit, javascript; SHA-256 | 6f7f01205b0f297adb9952ea0f556e8783078824cb75a59cf72ff44c90f8079c; Download | Favorite | View

S21SEC-038-en.txt

##############################################################
                      - S21Sec Advisory -
##############################################################

         Title:   Alcatel Omnivista 4760 Cross-Site Scripting
            ID:   S21SEC-038-en
  Severity:   Medium -
   History:   10.Jun.2007 Vulnerability discovered
                    20.Jun.2007 Vendor contacted
                    19.Oct.2007 Advisory released
  Authors:   Juan de la Fuente Costa (jfuente@s21sec.com)
                    Pablo Seijo Cajaraville (pseijo@s21sec.com)
        URL:   http://www.s21sec.com/avisos/s21sec-038-en.txt
Release:   Public

[ SUMMARY ]

Alcatel-Lucent OmniVista 4760 is an innovative, modular platform that  
provides a suite of network management applications.
This powerful Java-based tool, accessed through a Web browser,  
provides centralized management for the OmniPCX Enterprise.

The platform's open architecture enables today's IT managers and  
administrators to effectively monitor and maintain the
network, while lowering the company's total cost of ownership. This  
suite of network management applications includes:

     * LDAP Directory
     * Configuration
     * Accounting/Performance Management
     * Alarm Notification
     * Network Topology


[ AFFECTED VERSIONS ]

This vulnerability has been tested in Alcatel Omnivista 4760.


[ DESCRIPTION ]

S21sec has discovered a vulnerability in Alcatel Omnivista 4760 that  
allows injecting JavaScript code in text variables.
This issue allows javascript code execution in the user browser.

The identified parameters are: "action" and "Langue"

Parameter: action

URL: http://www.somesite.com/php-bin/Webclient.php? 
action=<script>alert("xss")</script>

Parameter: Langue

URL: http://www.somesite.com/?Langue="><script>alert("xss")</script><";


[ WORKAROUND ]

Alcatel-Lucent has released a patch to address this vulnerability.  
More info at:
http://www1.alcatel-lucent.com/psirt/statements/2007003/4760xss.htm

[ ACKNOWLEDGMENTS ]

This vulnerability has been discovered and researched by:

- Juan de la Fuente Costa <jfuente@s21sec.com> S21Sec
- Pablo Seijo Cajaraville <pseijo@s21sec.com> S21Sec

With special thanks to:

- Miguel Angel Aguilar Bermejo


[ REFERENCES ]

* S21Sec
   http://www.s21sec.com
   http://blog.s21sec.com

Top Authors In Last 30 Days

Red Hat 228 files
indoushka 168 files
Jay Turla 150 files
Ubuntu 69 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,587)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,263)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,856)
UNIX (9,457)
UnixWare (188)
Windows (6,772)
Other

S21SEC-038-en.txt

S21SEC-038-en.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

S21SEC-038-en.txt

Share This

S21SEC-038-en.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems