Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 May 2014 15:03:09 +0300
From: Dolev Farhi <dolevf87@...il.com>
To: oss-security <oss-security@...ts.openwall.com>, cve-assign <cve-assign@...re.org>
Subject: Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities

hi,

Several security issues were found in Zenoss monitoring system.


1.  Stored XSS.
A persistent XSS vulnerability was found in Zenoss core, by creating a
malicious host with the Title <script>alert("Xss")</script> any user
browsing
to the relevant manufacturers page will get a client-side script executed
immediately.

Proof of concept:
1. Create a device with with the Title <script>alert("XSS")</script>
 2. Navigate to the  Infrastructure -> Manufacturers page.
 3. pick the name of the manufacturer of the device, e.g. Intel
 4. select the type of the hardware the device is assigned to, e.g.
GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
 5. the XSS Executes.
    <tr class="even">
      <td class="tablevalues"><a
href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("xss")</script></a></td>
      <td class="tablevalues">GenuineIntel_        Intel(R) Core(TM)
i7-2640M CPU _ 2.80GHz</td>
    </tr>



2. Open Redirect vulnerability.
an open redirect is possible via http://zenoss
-url.com/:8080/zport/acl_users/cookieAuthHelper/login_form?came_from=[
http://malicious-website.com ]  allowing an
attacker to redirect a user to a malicious website.



Can CVE numbers please be assigned to these?

Tx.



-- 
additional proof of concept vid.
https://www.youtube.com/watch?v=wtmdsz24evo&feature=youtu.be

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.