Title: Ntop v.4.0.3 (64 bit) - Cross Site Scripting
Type: Remote
Impact: Cross-Site Scripting
Release Date: 02.08.2012
Release mode: Coordinated release
Summary
=======
ntop is a network probe that shows network usage in a way similar to what
top does for processes. In interactive mode, it displays the network status
on the user's terminal. In Web mode, it acts as a web server, creating an
HTML dump of the network status. It sports a NetFlow/sFlow
emitter/collector, an HTTP-based client interface for creating ntop-centric
monitoring applications, and RRD for persistently storing traffic
statistics.
Description
===========
A reflected Cross Site Scripting vulnerability was found in Ntop, because
the application fails to sanitize user-supplied input: the value of the
arbfile parameter of the rrdPlugin graph request is echoed into the HTML
response without encoding, as the PoC below shows. The vulnerability can be
triggered by any user.
Vendor
======
Ntop - http://www.ntop.org/
Affected Version
================
v.4.0.3 (64 bit)
PoC
===
GET /plugins/rrdPlugin?action=arbreq&which=graph&arbfile=TEST">[XSS]&arbiface=eth0&start=1343344529&end=1343348129&counter=&title=Active+End+Nodes&mode=zoom HTTP/1.1
Credits
=======
Vulnerability discovered by Marcos Garcia (@artsweb)
Solution
========
Upgrade to Ntop v5.0 (http://sourceforge.net/projects/ntop/files/ntop/Stable/)