lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080323024946.8171.qmail@securityfocus.com>
Date: 23 Mar 2008 02:49:46 -0000
From: nnposter@...closed.not
To: bugtraq@...urityfocus.com
Subject: F5 BIG-IP Web Management Audit Log XSS

F5 BIG-IP Web Management Audit Log XSS


Product: F5 BIG-IP
http://www.f5.com/products/big-ip/


The F5 BIG-IP web management interface contains a persistent cross-site scripting vulnerability in the audit log facility. Log entries are output raw, without being HTML-encoded first. This allows an attacker to create a log entry with an embedded script that gets executed any time the audit log is later reviewed by an administrator.

One of several exploit vectors is to create a node object with a script embedded in the node name. The creation will fail due to unsupported characters but an audit log entry still gets created. Other confirmed entry points are sysContact and sysLocation on the SNMP configuration page.

It is possible to craft URL links that would generate a suitable log entry with a simple HTTP GET request. This allows the attack to be carried out remotely.


The vulnerability has been identified in version 9.4.3. However, other versions may be also affected.


Solution:
Do not use the web management interface to review audit logs. Use SSH CLI instead.


Found by:
nnposter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ