/* ###################################################################################### # Exploit Title: SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities # Date: Jul 21 2012 # Author: muts # Version: SolarWinds Orion Network Performance Monitor 10.2.2 # Vendor URL: http://www.solarwinds.com/ ###################################################################################### Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012 02 Jul 2012: Contact received from SolarWinds with vulnerability confirmation and plans for remediation 09 Jul 2012: SolarWinds provides a preview release (10.3.1) for testing 10 Jul 2012: Advised SolarWinds that the preview release fixed the reported vulnerabilities 21 Jul 2012: Public disclosure Vulnerability Details: SolarWinds Orion Network Performance Monitor (NPM) is vulnerable to persistent XSS when scanning a remote system containing malicious JavaScript in its snmpd.conf file. The vulnerable fields were determined to be: syslocation syscontact sysName In addition, NPM is also vulnerable to CSRF attacks despite the fact that it makes use of VIEWSTATE protection. Through a combination of XSS and CSRF, a user can be added to the web application by configuring the snmpd.conf file to point to an attacker-controlled JavaScript file: syscontact */ function getCookie(c_name) { var i,x,y,ARRcookies=document.cookie.split(";"); for (i=0;i