Executive Summary
Summary | |
---|---|
Title | GoAhead Webserver multiple stored XSS vulnerabilities |
Information | |||
---|---|---|---|
Name | VU#384427 | First vendor Publication | 2011-10-10 |
Vendor | VU-CERT | Last vendor Modification | 2011-10-10 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#384427
GoAhead Webserver multiple stored XSS vulnerabilities

Overview
GoAhead Webserver 2.18, and possibly previous or newer versions, is vulnerable to multiple stored and reflective cross-site scripting (XSS) vulnerabilities.

I. Description
GoAhead Webserver software fails to sanitize POST requests sent to multiple functions. As a result, stored and reflective cross-site scripting (XSS) attacks can be conducted. An attacker can inject JavaScript code that will be run each time the specified webpage is accessed by inserting JavaScript code in the affected parameter.

According to the reporter, the following webpages and parameters are affected by stored and reflective XSS vulnerabilities:

group=<script>alert(1337)</script>&privilege=4&method=1&enabled=on&ok=OK
Results: Reflected XSS displayed in addgroup.asp, stored XSS in: adduser.asp, addlimit.asp, delgroup.asp.

url=<script>alert(1337)</script>&group=test&method=3&ok=OK
Results: Stored when user requests dellimit.asp.

addgroup.asp. In this example, you can swap out the group=<script>alert(1337) for whichever group name you added. password= and passconf= can also be modified to whichever password you want the new user to have.

POST /goform/AddUser HTTP/1.1
user=%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&group=%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&enabled=on&password=test&passconf=test&ok=OK
Result: Reflected in reply, stored in: deluser.asp, dspuser.asp.

II. Impact
An attacker with access to the GoAhead Webserver can conduct a cross-site scripting attack, which could result in information leakage, privilege escalation, and/or denial of service.

III. Solution
We are currently unaware of a practical solution to this problem.

Restrict access

References

Credit
Thanks to Silent Dream for reporting this vulnerability. This document was written by Michael Orlando.
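With no vendor fix listed and "Restrict access" as the only mitigation, a proxy or log pipeline in front of the device is where these submissions can be spotted. The following is an added example, not part of the advisory or of GoAhead: it flags POSTs to /goform/ whose user, group or url parameters carry HTML metacharacters. The function names, the decoding depth and the sample requests are assumptions constructed here.

```python
from urllib.parse import parse_qsl, unquote_plus

# Parameters the advisory lists as affected; the /goform/ prefix comes from
# the one request line the advisory shows (POST /goform/AddUser).
WATCHED_PARAMS = {"user", "group", "url"}
MARKUP_CHARS = set("<>\"'")

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C is still seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_goform_post(raw_request):
    """Return [(path, param, decoded_value)] for watched parameters that
    carry HTML metacharacters in a POST to a /goform/ handler."""
    head, _, body = raw_request.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) < 2:
        return []
    method, path = parts[0], parts[1]
    if method != "POST" or not path.lower().startswith("/goform/"):
        return []
    findings = []
    # parse_qsl decodes once; fully_decode handles nested encoding.
    for name, value in parse_qsl(body.strip(), keep_blank_values=True):
        value = fully_decode(value)
        if name.lower() in WATCHED_PARAMS and MARKUP_CHARS & set(value):
            findings.append((path, name, value))
    return findings

# Constructed sample requests: the first reuses the user= value shown in the
# advisory, the second is a benign request of the same shape.
HEAD = "POST /goform/AddUser HTTP/1.1\r\nHost: device.example\r\n\r\n"
SAMPLE_FLAGGED = HEAD + ("user=%3Cscript%3Ealert%281337%29%3C%2Fscript%3E"
                         "&group=test&enabled=on&password=test&passconf=test&ok=OK")
SAMPLE_BENIGN = HEAD + "user=alice&group=admins&enabled=on&password=test&passconf=test&ok=OK"
```

A hit here only shows that markup was submitted; whether it was stored still has to be checked on the pages the advisory names for that parameter.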
Original Source
Url : http://www.kb.cert.org/vuls/id/384427 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-11-08 | Name : GoAhead Webserver Multiple Stored Cross Site Scripting Vulnerabilities File : nvt/gb_goahead_webserver_mult_stored_xss_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76847 | GoAhead Webserver adduser.asp Multiple Parameter XSS GoAhead Webserver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'User ID' or 'group' parameters upon submission to the adduser.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
76846 | GoAhead Webserver addlimit.asp url Parameter XSS GoAhead Webserver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'url' parameter upon submission to the addlimit.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
76845 | GoAhead Webserver addgroup.asp group Parameter XSS GoAhead Webserver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'group' parameter upon submission to the addgroup.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |