ID: EDB-ID:31517 | Type: exploitdb | Reporter: Luigi Vezzoso | Modified: 2014-02-07T00:00:00
Description
CTERA 3.2.29.0 and 3.2.42.0 - Stored XSS. CVE-2013-2639. Webapps exploit for php platform
# Exploit Title: [CTERA Project Folders - Stored XSS]
# Date: [11-Mar-2013]
# Exploit Author: [Luigi Vezzoso]
# Vendor Homepage: [http://www.ctera.com]
# Version: [3.2.29.0 and 3.2.42.0]
# Tested on: [ctera os]
# CVE : [CVE-2013-2639]
#OVERVIEW
A standard CTERA user can set a specially crafted "description" on a Project Folder that causes JavaScript execution and HTML injection in the browser of anyone who views the folder.
#INTRODUCTION
CTERA Networks (http://www.ctera.com) bridges the gap between cloud storage and local storage, providing optimized performance and end-to-end security. Our solutions accelerate deployment of cloud services and eliminate the costs associated with file servers, backup servers and tape drives. Service providers and enterprises use CTERA to deliver services such as backup, file sync and share, mobile collaboration, managed NAS and cloud on-ramping, based on the cloud infrastructure of their choice.
#VULNERABILITY DESCRIPTION
A user can store a crafted description on a Project Folder that permits XSS and HTML injection (adding links, images, buttons, etc.). Because a Project Folder can be shared with other users, the vulnerability allows the session cookies of those users to be captured.
To test the vulnerability, create a Project Folder with the following description (the exact image path depends on the firmware version):
</xml><img src="https://192.168.3.2/admingui/common.3.2.29.291012114828/script/ext/resources/images/default/grid/loading.gif" onload="alert(document.cookie);">
<xml>
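As an added illustration (not CTERA's code, and not part of the original advisory), the snippet below shows the unsafe rendering pattern a description field like this implies, the hardened equivalent using HTML output encoding, and a simple scan over stored folder records that flags descriptions carrying inline event handlers. The folder records and the `renderDescription*` function names are constructed for the example; the payload string is the one quoted above.

```javascript
// Added example, not CTERA's code: unsafe vs. encoded rendering of a Project
// Folder description, plus a scan for stored descriptions that carry markup.

// The payload quoted in the advisory, used here as constructed sample input.
const ADVISORY_PAYLOAD =
  '</xml><img src="https://192.168.3.2/admingui/common.3.2.29.291012114828/' +
  'script/ext/resources/images/default/grid/loading.gif" ' +
  'onload="alert(document.cookie);">';

// Vulnerable pattern: untrusted text concatenated straight into the page.
function renderDescriptionUnsafe(description) {
  return '<div class="folder-description">' + description + "</div>";
}

// Contextual output encoding for an HTML text node: every character that can
// open a tag, close an attribute or start an entity is replaced by its entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Hardened pattern: the description is encoded before it is placed in the DOM,
// so the browser shows the payload as literal text instead of parsing an <img>.
function renderDescriptionSafe(description) {
  return '<div class="folder-description">' + escapeHtml(description) + "</div>";
}

// Detection for data already stored: a folder description should never contain
// an element with an on* handler, a script element or a javascript: URL.
const SUSPICIOUS = [
  /<\s*[a-z][^>]*\bon[a-z]+\s*=/i, // element with an inline event handler
  /<\s*script\b/i,                 // script element
  /javascript\s*:/i,               // javascript: URL in href/src
];
function looksLikeStoredXss(description) {
  return SUSPICIOUS.some((re) => re.test(description));
}

// Return the names of folders whose stored description should be reviewed.
function flagFolders(folders) {
  return folders.filter((f) => looksLikeStoredXss(f.description)).map((f) => f.name);
}

// Constructed sample of stored folder records; only the second one is hostile.
const SAMPLE_FOLDERS = [
  { name: "Q1 reports", description: "Quarterly finance files, read-only for sales" },
  { name: "Shared design", description: ADVISORY_PAYLOAD },
  { name: "Notes", description: "Use a < b to compare, see README & changelog" },
];
```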
#VERSIONS AFFECTED
Tested on CTERA Cloud Storage OS version 3.2.29.0 and 3.2.42.0
#SOLUTION
The vendor marks the issue as resolved in the latest CTERA version 4.x.
#CREDITS
Luigi Vezzoso
email: luigivezzoso@gmail.com
skype: luigivezzoso