BASE - 3 Persistent Cross Site Scripting Vulnerabilities

Vulnerability ID 1051917 Vulnerability type
Published 2009-06-01 Updated 2009-06-01
Platform N/A CVSS score N/A
BASE, a well-known Snort frontend, has 3 Persistent Cross Site Scripting

For those who don't know, Cross-Site Scripting allows the attacker to inject
JavaScript to modify the functionality of the webpages. Since this
vulnerability exists in BASE, this allows an attacker to drop alerts (all of
them or specific alerts), modify user information including passwords,
modify the configuration of BASE and many other tasks. The only limitation
is the attacker's creativity.

The vulnerabilities exist in pages that use the information from 3 different
components of BASE: alert groups, roles and user information.

For creating a user, the name field was found to be vulnerable. For the name
field, I just injected JavaScript and it was rendered!

For creating an alert group, we just need to include a closure for the HTML
by using "> and add our JavaScript afterwards. This causes the page that
loads the name to close the HTML and execute our JavaScript! This is due to
HTML encoding being used on the page.

For creating a role, both the name and the description field were
vulnerable. The name field was limited to a specific number of characters.
To verify, I just injected XSS and verified it rendered properly. The
description field was just straight JavaScript.
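
The "> break-out described for the alert group name, next to the output-encoded form that stops it, as an added example that is not BASE's own code. The `ag_name` field, the markup and the stored value are assumptions constructed for illustration, and the script needs PHP's DOM extension.

```php
<?php
// Added example, not BASE source. The ag_name field and markup are hypothetical.
libxml_use_internal_errors(true); // keep HTML parser warnings out of the output

// Constructed stored value: closes the attribute with "> and then adds markup.
$stored = '"><i id="probe">x</i>';

// Vulnerable pattern: the stored name is concatenated into an attribute as-is.
function render_unsafe(string $name): string {
    return '<input type="text" name="ag_name" value="' . $name . '">';
}

// Hardened pattern: encode at output time. ENT_QUOTES encodes both " and ',
// so the value cannot terminate the attribute whichever quote delimits it.
function render_safe(string $name): string {
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="ag_name" value="' . $encoded . '">';
}

// Parse the markup with an HTML parser and report what the page contains:
// the value the input ended up with and how many <i> elements were created.
function inspect(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'input_value'       => $input->getAttribute('value'),
        'injected_elements' => $doc->getElementsByTagName('i')->length,
    ];
}

$pages = ['unsafe' => render_unsafe($stored), 'safe' => render_safe($stored)];
foreach ($pages as $label => $html) {
    $r = inspect($html);
    printf("%-6s value=%s injected=%d round_trip=%s\n", $label,
        var_export($r['input_value'], true), $r['injected_elements'],
        $r['input_value'] === $stored ? 'yes' : 'no');
}
```

The same `htmlspecialchars` call also covers stored values written into element content rather than an attribute.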

Screenshots can be found at: