Ntop-NG 1.1 Cross Site Scripting

2014.07.03
Credit: Madhu Akula
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: Cross Site Scripting Vulnerability in Ntop-NG (CVE-2014-4329)
# CVE : CVE-2014-4329
# Date: 2 July 2014
# Exploit Author: Madhu Akula
# Vendor Homepage: http://www.ntop.org/
# Software Link: http://www.ntop.org/get-started/download/
# Version : Ntopng 1.1
# Severity: High
# Tested on: Ubuntu & Windows
# URL: http://[domain]:3000/lua/host_details.lua?host=<script>alert(document.cookie)</script>

# Issue Details :
Ntopng is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the host_details.lua script. A remote attacker could exploit this vulnerability using the host parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

# Steps to replicate: (POC)
1. Replace the domain with the host and send this to Victim (or) Open it
http://[domain]:3000/lua/host_details.lua?host=<script>alert(document.cookie)</script>

I attached a screenshot also for POC

# References :
http://www.securityfocus.com/bid/66456
https://svn.ntop.org/bugzilla/show_bug.cgi?id=379
http://xforce.iss.net/xforce/xfdb/92135
http://cve.circl.lu/cve/CVE-2014-4329
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4329
http://cxsecurity.com/cveshow/CVE-2014-4329/
http://www.secuobs.com/revue/news/519877.shtml

Madhu Akula
Information Security Researcher
https://www.twitter.com/madhuakula
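The missing control described under Issue Details, shown from the defender's side as an added example (not code from the advisory or from ntopng, and written in Python rather than ntopng's Lua): an allowlist check on the host parameter, HTML encoding of the reflected value, and the same check reused to flag request targets for review. The accepted host formats (IP address or plain hostname), the function names and the sample request targets are assumptions made for illustration.

```python
import html
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist: a hostname is dot-separated labels of letters, digits, hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(_LABEL + r"(?:\." + _LABEL + r")*")

def is_valid_host(value):
    """Accept only an IPv4/IPv6 address or a plain hostname; reject everything else."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and _HOSTNAME.fullmatch(value) is not None

def render_host(value):
    """Validate the parameter, then HTML-encode it before it is reflected."""
    if not is_valid_host(value):
        return "<p>Invalid host parameter</p>"
    # Encoding stays in place even after validation (defence in depth).
    return "<h2>Host: " + html.escape(value, quote=True) + "</h2>"

def suspicious_requests(request_targets):
    """Return host_details.lua request targets whose host value fails the allowlist."""
    flagged = []
    for target in request_targets:
        parts = urlsplit(target)
        if parts.path != "/lua/host_details.lua":
            continue
        # parse_qs percent-decodes values, so encoded markup is checked as well.
        values = parse_qs(parts.query, keep_blank_values=True).get("host", [])
        if any(not is_valid_host(v) for v in values):
            flagged.append(target)
    return flagged

# Constructed sample request targets (not real log data); the second carries
# the advisory's PoC value in percent-encoded form.
SAMPLE = [
    "/lua/host_details.lua?host=192.168.1.10",
    "/lua/host_details.lua?host=%3Cscript%3Ealert(document.cookie)%3C/script%3E",
    "/lua/host_details.lua?host=fileserver.example.org",
    "/lua/index.lua?host=%3Cb%3E",
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print("review:", hit)
```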

