Date: Wed, 14 May 2014 15:03:09 +0300
From: Dolev Farhi <dolevf87@...il.com>
To: oss-security <oss-security@...ts.openwall.com>, cve-assign <cve-assign@...re.org>
Subject: Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities

Hi,

Several security issues were found in Zenoss monitoring system.

1. Stored XSS.

A persistent XSS vulnerability was found in Zenoss core, by creating a malicious host with the Title <script>alert("Xss")</script> any user browsing to the relevant manufacturers page will get a client-side script executed immediately.

Proof of concept:

1. Create a device with the Title <script>alert("XSS")</script>
2. Navigate to the Infrastructure -> Manufacturers page.
3. Pick the name of the manufacturer of the device, e.g. Intel
4. Select the type of the hardware the device is assigned to, e.g. GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
5. The XSS executes.

<tr class="even">
  <td class="tablevalues"><a href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("xss")</script></a></td>
  <td class="tablevalues">GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz</td>
</tr>

2. Open Redirect vulnerability.

An open redirect is possible via http://zenoss -url.com/:8080/zport/acl_users/cookieAuthHelper/login_form?came_from=[ http://malicious-website.com ] allowing an attacker to redirect a user to a malicious website.

Can CVE numbers please be assigned to these?

Tx.

--
Additional proof of concept vid.
https://www.youtube.com/watch?v=wtmdsz24evo&feature=youtu.be
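
An added example, not part of the original message and not Zenoss code: one way to close both issues reported above, by HTML-escaping the device title when the manufacturers row is rendered and by accepting came_from only when it is a same-site path. The function names and the /zport/dmd fallback are assumptions made for illustration.

```python
# Added illustration; not Zenoss code. Function names are hypothetical.
from html import escape
from urllib.parse import urlsplit


def render_device_row(detail_href: str, title: str, hw_type: str) -> str:
    """Build the manufacturers-page row with every dynamic value HTML-escaped."""
    return (
        '<tr class="even"> '
        f'<td class="tablevalues"><a href="{escape(detail_href, quote=True)}">'
        f'{escape(title)}</a></td> '
        f'<td class="tablevalues">{escape(hw_type)}</td> </tr>'
    )


def safe_came_from(came_from: str, default: str = "/zport/dmd") -> str:
    """Return came_from only if it is a same-site absolute path, else default.

    The default landing path is an assumption; use the application's own.
    """
    # Backslashes and control characters are normalised differently by
    # browsers and by URL parsers, so refuse them outright.
    if not came_from or any(c in came_from for c in "\\\r\n\t"):
        return default
    parts = urlsplit(came_from)
    # Anything carrying a scheme or a host leaves the site:
    # "http://host", "//host", "javascript:...".
    if parts.scheme or parts.netloc:
        return default
    # Only a path rooted at "/" (and not the protocol-relative "//") is kept.
    if not came_from.startswith("/") or came_from.startswith("//"):
        return default
    return came_from


if __name__ == "__main__":
    # Constructed inputs mirroring the two proofs of concept in the message.
    print(render_device_row(
        "/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail",
        '<script>alert("XSS")</script>',
        "GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz",
    ))
    print(safe_came_from("http://malicious-website.com"))
    print(safe_came_from("/zport/dmd/Dashboard"))
```

Escaping at render time covers titles already stored in the database, which input filtering at device creation would miss.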