Ignite Realtime Openfire 跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1208635 漏洞类型 跨站脚本
发布时间 2018-06-06 更新时间 2019-06-21
CVE编号 CVE-2018-11688 CNNVD-ID CNNVD-201806-845
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018060060
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201806-845
|漏洞详情
Ignite Realtime Openfire是Ignite Realtime社区的一款采用Java开发且基于XMPP(前称Jabber,即时通讯协议)的跨平台开源实时协作(RTC)服务器,它能够构建高效率的即时通信服务器,并支持上万并发用户数量。 Ignite Realtime Openfire 3.9.2之前版本中存在跨站脚本漏洞,该漏洞源于程序没有正确的验证用户提交的输入。远程攻击者借助特制的URL利用该漏洞在用户的Web浏览器中执行脚本,窃取基于cookie的用户身份验证凭证。
|漏洞EXP
I. VULNERABILITY
-------------------------
Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting


II. CVE REFERENCE
-------------------------
CVE-2018-11688


III. VENDOR HOMEPAGE
-------------------------
https://www.igniterealtime.org/projects/openfire/


IV. DESCRIPTION
-------------------------
url parameter at Openfire Version 3.7.1 has a reflected cross-site
scripting vulnerability. A successful exploit could allow the attacker
to execute arbitrary script code in the context of the affected site
and allow the attacker to access sensitive browser-based information.


V. PROOF OF CONCEPT
-------------------------
http://domain.net:9090/login.jsp?url=a"onclick="alert(1)
http://domain.net:9090/login.jsp?url=a%22onclick=%22alert(1)


VI. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688


VII. CREDIT
-------------------------
Yavuz Atlas - @yavuzatlas_
http://www.biznet.com.tr/biznet-guvenlik-duyurulari


|参考资料

来源:packetstormsecurity.com

链接:http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html


来源:seclists.org

链接:http://seclists.org/fulldisclosure/2018/Jun/13


来源:www.securityfocus.com

链接:http://www.securityfocus.com/archive/1/archive/1/542060/100/0/threaded