54 lines
No EOL
1.6 KiB
Text
54 lines
No EOL
1.6 KiB
Text
# Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system
|
|
# Date: 12/05/2014
|
|
# Exploit author: Dolev Farhi dolev(at)openflare.org
|
|
# Vendor homepage: http://zenoss.com
|
|
# Software Link: http://www.zenoss.com
|
|
# Version: Core 4.2.5-2108 64bit
|
|
# Tested on: Kali Linux
|
|
# Vendor alerted: 12/05/2014
|
|
# CVE-2014-3738
|
|
|
|
Software details:
|
|
|
|
==================
|
|
|
|
Zenoss (Zenoss Core) is a free and open-source application, server, and
|
|
network management platform based on the Zope application server.
|
|
|
|
Released under the GNU General Public License (GPL) version 2, Zenoss
|
|
Core provides a web interface that
|
|
|
|
allows system administrators to monitor availability,
|
|
inventory/configuration, performance, and events.
|
|
|
|
|
|
|
|
Vulnerability details: Stored XSS Vulnerability
|
|
|
|
========================
|
|
|
|
A persistent XSS vulnerability was found in Zenoss core, by creating a
|
|
malicious host with the Title <script>alert("Xss")</script> any user
|
|
browsing
|
|
|
|
to the relevant manufacturers page will get a client-side script
|
|
executed immediately.
|
|
|
|
|
|
|
|
|
|
|
|
Proof of Concept:
|
|
1. Create a device with with the Title <script>alert("XSS")</script>
|
|
2. Navigate to the Infrastructure -> Manufacturers page.
|
|
3. pick the name of the manufacturer of the device, e.g. Intel
|
|
4. select the type of the hardware the device is assigned to, e.g. GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
|
|
5. the XSS Executes.
|
|
|
|
<tr class="even">
|
|
|
|
<td class="tablevalues"><a href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("Dolev")</script></a></td>
|
|
|
|
<td class="tablevalues">GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz</td>
|
|
|
|
</tr> |