lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOmMdVuhQxUmaRhX7GS=C0ahWkacreY=CM5_a+nQ9U=WbZ_PfQ@mail.gmail.com> Date: Wed, 12 Nov 2014 21:04:04 -0200 From: William Costa <william.costa@...il.com> To: fulldisclosure@...lists.org Subject: [FD] XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 (CVE-2014-8629) I. VULNERABILITY ------------------------- XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 II. BACKGROUND Pandora FMS is the monitoring software chosen by several companies all around the world for managing their IT infrastructure. Besides ensuring high performance and maximum flexibility, it has aIII. DESCRIPTION ------------------------- Has been detected a Reflected XSS vulnerability in Pandora FMS in page visualization agents, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser. The code injection is done through the parameter "refr" in the page “/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=” IV. PROOF OF CONCEPT ------------------------- The application does not validate the parameter “refr”. Malicious Request ("refr") Vulnerable: http://firefly.artica.es/pandora_demo/index.php?sec=estado&sec2=operat ion/agentes/estado_agente&refr=</script><script>alert(document.cookie) </script>0&group_id=0 V. BUSINESS IMPACT ------------------------- An attacker can send link and choice text write in page. VI. SYSTEMS AFFECTED ------------------------- Pandora FMS v5.1SP1 - Revisión PC141031 VII. SOLUTION ------------------------- All data received by the application and can be modified by the user, before making any kind of transaction with them must be validated By William Costa william.costa@...il.com _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists