| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Aug 2010 00:07:08 -0700 From: Adam Baldwin <adam_baldwin@...nuity-is.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Nagios XI Login XSS Nagios XI Login XSS Advisory ID: NGENUITY-2010-007 Vulnerability Information Class: Cross-Site Scripting (XSS) Software Description Nagios XI is the commercial / enterprise version of the open source Nagios project. Vulnerability Description The login page for the Nagios XI management interface prior to version 2009R1.3 is vulnerable to cross-site scripting (XSS). This vulnerability does not require the victim to be authenticated. This vulnerability was originally thought to be addressed in version 2009R1.2C. All the parameters of the login page are vulnerable to injection and execution of JavaScript. This does not require authentication, but if the user is authenticated can provide a reasonably easy way to do whatever actions you want as the Admin user (and negates CSRF protection that has recently been implemented). Vendor recommends upgrading to version 2009R1.3 or later. Technical Description Here is a non-malicious example. The input after login.php is inserted into the permalink_base variable without being sanitized. http://example.com/nagiosxi/login.php?%22;alert%281%29;// Credits This vulnerability was discovered by Adam Baldwin Original Advisory http://ngenuity-is.com/advisories/2010/aug/19/nagios-xi-login-xss/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists