Message-ID: <CAOmMdVuhQxUmaRhX7GS=C0ahWkacreY=CM5_a+nQ9U=WbZ_PfQ@mail.gmail.com>
Date: Wed, 12 Nov 2014 21:04:04 -0200
From: William Costa <william.costa@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 (CVE-2014-8629)

I. VULNERABILITY

-------------------------

XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 -
Revisión PC141031

II. BACKGROUND
Pandora FMS is the monitoring software chosen by several companies all
around the world for managing their IT infrastructure. Besides ensuring
high performance and maximum flexibility, it has aIII.

DESCRIPTION
-------------------------
Has been detected a Reflected XSS vulnerability in Pandora FMS in page
visualization agents, that allows the execution of arbitrary HTML/script
code to be executed in the context of the victim user's browser.

The code injection is done through the parameter "refr" in the page
“/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=”

IV. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter “refr”.

Malicious Request ("refr")

Vulnerable:

http://firefly.artica.es/pandora_demo/index.php?sec=estado&sec2=operat
ion/agentes/estado_agente&refr=</script><script>alert(document.cookie)
</script>0&group_id=0

V. BUSINESS IMPACT
-------------------------
An attacker can send link and choice text write in page.

VI. SYSTEMS AFFECTED

-------------------------

Pandora FMS v5.1SP1 - Revisión PC141031

VII. SOLUTION
-------------------------
All data received by the application and can be modified by the user,
before making any kind of transaction with them must be validated

By William Costa

william.costa@...il.com

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists