Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 May 2014 15:03:09 +0300
From: Dolev Farhi <dolevf87@...il.com>
To: oss-security <oss-security@...ts.openwall.com>, cve-assign <cve-assign@...re.org>
Subject: Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities

hi,

Several security issues were found in Zenoss monitoring system.


1.  Stored XSS.
A persistent XSS vulnerability was found in Zenoss core, by creating a
malicious host with the Title <script>alert("Xss")</script> any user
browsing
to the relevant manufacturers page will get a client-side script executed
immediately.

Proof of concept:
1. Create a device with with the Title <script>alert("XSS")</script>
 2. Navigate to the  Infrastructure -> Manufacturers page.
 3. pick the name of the manufacturer of the device, e.g. Intel
 4. select the type of the hardware the device is assigned to, e.g.
GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
 5. the XSS Executes.
    <tr class="even">
      <td class="tablevalues"><a
href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("xss")</script></a></td>
      <td class="tablevalues">GenuineIntel_        Intel(R) Core(TM)
i7-2640M CPU _ 2.80GHz</td>
    </tr>



2. Open Redirect vulnerability.
an open redirect is possible via http://zenoss
-url.com/:8080/zport/acl_users/cookieAuthHelper/login_form?came_from=[
http://malicious-website.com ]  allowing an
attacker to redirect a user to a malicious website.



Can CVE numbers please be assigned to these?

Tx.



-- 
additional proof of concept vid.
https://www.youtube.com/watch?v=wtmdsz24evo&feature=youtu.be

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ