[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Huawei ISM Professional XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Huawei ISM Professional XSS Vulnerability
From: ak47464659484@xxxxxxxxx
Date: Tue, 26 Jul 2016 14:25:27 GMT

Title: Huawei ISM Professional XSS Vulnerability
Software : ISM Professional OceanStor

Software Version : Copyright&copy;Huawei Technologies Co., Ltd. 2009-2010. All
rights reserved.

Vendor: www.huawei.com

Vulnerability Published : 2016-07-25

Author&#65306;zhiwei_jiang
Email:ak47464659484@xxxxxxxxx
Impact : Medium(CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)

Bug Description :
The ISM consists of device management software, cloud storage management
software, and storage network management software. The device management
software, downloaded over JWS or installed through a CD-ROM, is applies to the
management of Huawei Symantec storage devices, the cloud storage management
software applies to the management of Huawei Symantec storage devices and
resources and the storage network management software applies to the management
of Huawei Symantec SAN storage devices. The cloud storage management software
and storage network management software are deployed on independent servers and
users can access the software through browsers.
ISM Professional (ver Huawei Technologies Co., Ltd. 2009-2010.) The server
reads data directly from the HTTP request and reflects it back in the HTTP
response. Reflected XSS exploits occur when an attacker causes a victim to
supply dangerous content to a vulnerable web application, which is then
reflected back to the victim and executed by the web browser. The most common
mechanism for delivering malicious content is to include it as a parameter in a
URL that is posted publicly or e-mailed directly to the victim. URLs
constructed in this manner constitute the core of many phishing schemes,
whereby an attacker convinces a victim to visit a URL that refers to a
vulnerable site. After the site reflects the attacker's content back to the
victim, the content is executed by the victim's browser.

PoC:
http://x.x.x.x/cgi-bin/doLogin_CgiEntry
POST:
cfgBtn=&brand=sp&copyright=hst&lang=en&lang=en&loginName=en<body%20onload%3dalert(/xss/)>&loginPassword=test

Solution :
Using such encode functions as htmlencode() or filtering those certain symbols
regarding JavaScript as well as Html.

Prev by Date: Crashing Browsers Remotely via Insecure Search Suggestions
Next by Date: Dropbox 6.4.14 DLL Hijacking Vulnerability
Previous by thread: Crashing Browsers Remotely via Insecure Search Suggestions
Next by thread: Dropbox 6.4.14 DLL Hijacking Vulnerability
Index(es):
- Date
- Thread