[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Reflected XSS Vulnerability In Manage Engine Event Log Analyzer
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Reflected XSS Vulnerability In Manage Engine Event Log Analyzer
- From: kkulkarni@xxxxxxxxxxxxxxx
- Date: Tue, 21 Apr 2015 19:25:03 GMT
========================================================================
=======
Reflected XSS Vulnerability In Manage Engine Event Log Analyzer
========================================================================
=======
. contents:: Table Of Content
Overview
========
* Title : Reflected XSS Vulnerability in XSS In Manage Engine Event Log Analyzer
* Author: Kapil Kulkarni
* Plugin Homepage: https://www.manageengine.com/products/eventlog/
* Severity: Low
* Version Affected: Version 10 Build Number:10003
* version patched: Separate Patch release for all version
Description
===========
About the Product
=================
EventLog Analyzer provides the most cost-effective Security Information and
Event Management (SIEM)software on the market. Using this Log Analyzer
software, organizations can automate the entire process of managing terabytes
of machine generated logs by collecting, analyzing, correlating, searching,
reporting, and archiving from one central location. This event log analyzer
software helps to monitor file integrity, conduct log forensics analysis,
monitor privileged users and comply to different compliance regulatory bodies
by intelligently analyzing your logs and instantly generating a variety of
reports like user activity reports, historical trend reports, and more.
Vulnerable Parameter
--------------------
* j_username
About Vulnerability
-------------------
This Product is vulnerable to a combination of XSS attack meaning that if an
admin user can be tricked to visit a crafted URL created by attacker (via spear
phishing/social engineering), the attacker can execute arbitrary code into
login page. Once exploited, admin?s browser can be made to do almost anything
the admin user could typically do by hijacking admin's cookies etc.
Vulnerability Class
===================
Cross Site Scripting
(https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XS
S)
Steps to Reproduce: (POC)
=========================
1. After Setting up Manage engine navigate to its user interface
2. Use this payload in Username field
#####payload To Use#######################
"><script>alert(document.cookie)</script>
##########################################
3. And see the XSS in action.
#Live Poc URL
http://1.bp.blogspot.com/-ujCdc0Ryknc/VTadwPT9bZI/AAAAAAAABMc/MuSU3XKtKsY/s1600/xss_reponse.JPG
Mitigation
==========
Follow the below steps to fix the issue:
1. Stop the ELA Service.
2. Download the file from the following link and extract it in
C:\ManageEngine\EventLog\lib\.
C:\ManageEngine\EventLog is where you have it installed.
http://bonitas2.zohocorp.com/zipUploads/2015_01_04_03_07_14_o_19hos70vafslcd31ts716gm1gvq1.tar.gz
3. Once you extracted the folder structure has to be as below.
C:\ManageEngine\EventLog\lib\EventLogAnalyzerJSP\com\adventnet\sa....
4. Start the EventLog Analyzer service.
This should fix the issue.
P.S : Extract the zip and put the folder inside the location. Do not take the
entire zip file to the location as it will not work.
Change Log
==========
Disclosure
==========
23-March-2015 Reported to Developer
28-February-2015 Acknowledgement from Developer
04-April-2015 Fixed by developer
06-April-2015 Requested a CVE ID
22-April-2015 Public Disclosed
credits
=======
* Kapil Kulkarni
* Information Security Testing
* ControlCase International Pvt Ltd.
* https://www.facebook.com/kapil.kulkarni.587
*https://in.linkedin.com/pub/kapil-kulkarni-c-eh/63/337/5a3