lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060929194134.21117.qmail@securityfocus.com>
Date: 29 Sep 2006 19:41:34 -0000
From: ozkan.aziz@...tehat.org.uk
To: bugtraq@...urityfocus.com
Subject: Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS)
 Vulnerability

Whitehat.org.uk Advisory (1)

Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability

Vulnerability Type: Active code injection (XSS)

Problem Discovered: 14 September 2006
Vendor Contacted: 14 September 2006
Advisory Published: 29 September 2006

Abstract:
Mercury SiteScope is an agentless system monitoring solution designed to ensure the availability and performance of distributed IT infrastructures available on the Microsoft Windows Server platform as well as others.

Description:
User supplied HTML code is executed by the sitescope.

Technical Details:

Mercury sitescope 8.2 does not correctly validate user submitted input, making it possible to execute user submitted code by the sitescope web engine.

1) With the exception of "create new group name", any field create name field was susceptible to exploitation.
2) Any "description" field was susceptible to exploitation.

Additional Issues: 
Attempting to inject HTML code in the "new monitor description" field resulted in a loss of connectivity to the classic interface.

Workaround:
None at present - This may be considered a low risk issue as the user will need to be authenticated in order inject the maliciuos code, however, this attack vector could leveraged to steal session information. The vendor has been notified, however, has been non-responsive.

Tested Versions:
Mercury Sitescope 8.2 on Windows 2003 server - avaliable from http://www.mercury.com

Credits: Ozkan Aziz

Greetings: Gyan (dude), Varun :) , Gerald (Wheeey), Chitt (eCrimes)

Disclaimer:
This advisory intended to be informational. No responsibility is taken for its misuse.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ