Cisco Digital Network Architecture Center 1.3.1.4 – Persistent Cross-Site Scripting - 体验盒子

作者： Dylan Garnaud

日期： 2020-05-12

类别：

webapps

平台：

java

来源：https://www.exploit-db.com/exploits/48459/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

# Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting

# Date: 2020-04-16

# Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France

# Vendor Homepage: https://www.cisco.com/c/en/us/products/cloud-systems-management/dna-center/index.html

# Version: Cisco DNA before 1.3.0.6 and 1.3.1.4

# Tested on: 1.3.0.2

# CVE : CVE-2019-15253

# Security advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190205-dnac-xss

## 1 - Network Hierarchy

- Vulnerable parameter: Floor Name.

- Payload: <code></code><code><script>alert('XSS')</script></code><code>

- Details: There is no control or security mechanism on this field. Specials characters are not encoded or filtered.

- Privileges: It requires admin or customer account.

- Location: Design -> Network Hirearchy -> Building -> Floor -> Field: "Floor name" .

## 2 - User Management

- Vulnerable parameters: First Name, Last Name .

- Payload: <code></code><code><script>alert('XSS')</script></code><code>

- Details: There is no control or security mechanism on this field. Specials characters are not encoded or filtered.

- Privileges: It requires admin account.

- Location: Settings -> Users -> User Management -> Fields: "First Name" or "Last Name".