oss-sec mailing list archives
Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities
From: Dolev Farhi <dolevf87 () gmail com>
Date: Wed, 14 May 2014 15:03:09 +0300
Hi,

Several security issues were found in Zenoss monitoring system.

1. Stored XSS.

A persistent XSS vulnerability was found in Zenoss core. By creating a malicious host with the Title <script>alert("Xss")</script>, any user browsing to the relevant manufacturers page will get a client-side script executed immediately.

Proof of concept:

1. Create a device with the Title <script>alert("XSS")</script>
2. Navigate to the Infrastructure -> Manufacturers page.
3. Pick the name of the manufacturer of the device, e.g. Intel
4. Select the type of the hardware the device is assigned to, e.g. GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
5. The XSS executes.

    <tr class="even">
      <td class="tablevalues"><a href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("xss")</script></a></td>
      <td class="tablevalues">GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz</td>
    </tr>

2. Open Redirect vulnerability.

An open redirect is possible via

http://zenoss-url.com/:8080/zport/acl_users/cookieAuthHelper/login_form?came_from=[ http://malicious-website.com ]

allowing an attacker to redirect a user to a malicious website.

Can CVE numbers please be assigned to these?

Tx.

--

Additional proof of concept vid.
https://www.youtube.com/watch?v=wtmdsz24evo&feature=youtu.be
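The two fixes the report implies, as an added example that is not part of the original post and is not Zenoss code: escape the device title when the table row is built, and accept a `came_from` value only when it stays on the requesting host. The function names, the `zenoss.example:8080` host and the `/zport/dmd` fallback are assumptions chosen for illustration.

```python
import html
from urllib.parse import urlsplit


def render_device_row(href, title, hardware):
    """Build the table row quoted in the post with every dynamic value HTML-escaped."""
    return (
        '<tr class="even">'
        '<td class="tablevalues"><a href="{}">{}</a></td>'
        '<td class="tablevalues">{}</td>'
        '</tr>'
    ).format(html.escape(href, quote=True), html.escape(title), html.escape(hardware))


def safe_came_from(came_from, request_host, default="/zport/dmd"):
    """Return came_from only if it stays on request_host, otherwise the default.

    request_host is the Host header value of the login request (assumed to be
    trusted, e.g. pinned by the reverse proxy); default is a hypothetical fallback.
    """
    if not came_from:
        return default
    target = came_from.strip()
    # Browsers treat backslashes like slashes and drop control characters,
    # so reject both before parsing.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow a site-absolute path, never "//host/...".
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    if parts.scheme in ("http", "https") and parts.netloc.lower() == request_host.lower():
        return target
    return default
```
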