| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 8 Mar 2008 18:36:50 -0000 From: nnposter@...closed.not To: bugtraq@...urityfocus.com Subject: F5 BIG-IP Web Management Console XSS F5 BIG-IP Web Management Console XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a potentially persistent cross-site scripting vulnerability in the "Console" feature. Output from executed console commands is wrapped in <t_extarea> [intentionally misspelled] so the content is displayed verbatim but there is no protection against forced premature termination of the textarea block with an injected </t_extarea> tag. Example command output with the exploit: </t_extarea><s_cript>....</s_cript><t_textarea> One possible persistent exploitation is for an attacker to create a log entry with an embedded script that gets executed any time the corresponding log file is later reviewed in the Console by an administrator. It is possible to craft URL links that would generate a suitable log entry with a simple HTTP GET request. This allows the attack to be carried out remotely. The vulnerability has been identified in version 9.4.3. However, other versions may be also affected. Solution: Do not use the web management Console feature to review logs. Use SSH CLI instead. History: 2/23/08 - 1st notice sent to F5 (no response) 3/4/08 - 2nd notice sent to F5 (no response) 3/8/08 - public disclosure Found by: nnposter
Powered by blists - more mailing lists