SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting

2014-07-22T00:00:00
ID PACKETSTORM:127575
Type packetstorm
Reporter William Costa
Modified 2014-07-22T00:00:00

Description

                                        
                                            `I. VULNERABILITY  
-------------------------  
Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701  
  
II. BACKGROUND  
-------------------------  
Dell® SonicWALL® provides intelligent network security and data protection  
solutions that enable customers and partners to dynamically secure,  
control, and scale their global networks.  
  
III. DESCRIPTION  
-------------------------  
Has been detected a Reflected XSS vulnerability in DELL SonicWALL GMS.  
The code injection is done through the parameter "node_id" in the page  
“/sgms/panelManager?level=1&typeOfUnits=2&node_name=GlobalView&node_id=(HERE  
XSS)”  
  
IV. PROOF OF CONCEPT  
-------------------------  
The application does not validate the parameter “node_ID” correctly.  
https://10.200.210.222:8443/sgms/panelManager?level=1&typeOfUnits=2&node_name=GlobalView&node_id=aaaaaaa'</script><body  
onload=alert(document.cookie)>&panelidz=0,4#tabs-4  
  
V. BUSINESS IMPACT  
-------------------------  
An attacker can execute arbitrary HTML or script code in a targeted  
user's browser, that allows the execution of arbitrary HTML/script code to  
be executed in the context of the victim user's browser allowing Cookie  
Theft/Session Hijacking, thus enabling full access the box.  
  
VI. SYSTEMS AFFECTED  
-------------------------  
Tested DELL SonicWALL Analyzer v7.2 (build 7220.1700)  
  
VII. SOLUTION  
-------------------------  
https://support.software.dell.com/product-notification/128245  
  
By William Costa  
william.costa@gmail.com  
  
  
`