Microstrategy Web 7 Cross Site Scripting / Traversal

🗓️ 31 Oct 2018 00:00:00Reported by Rafael PedreroType

packetstorm🔗 packetstormsecurity.com👁 64 Views

Path traversal and Cross-Site Scripting vulnerabilities in Microstrategy Web version

Reporter	Title	Published	Views	Family All 25
0day.today	Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal Vulnerabilities	31 Oct 201800:00	–	zdt
CNVD	Microstrategy Web Cross-Site Scripting Vulnerability (CNVD-2018-23268)	2 Nov 201800:00	–	cnvd
CNVD	Microstrategy Web Cross-Site Scripting Vulnerability	2 Nov 201800:00	–	cnvd
CNVD	Microstrategy Web Directory Traversal Vulnerability	2 Nov 201800:00	–	cnvd
CVE	CVE-2018-18775	1 Nov 201817:00	–	cve
CVE	CVE-2018-18776	1 Nov 201817:00	–	cve
CVE	CVE-2018-18777	1 Nov 201817:00	–	cve
Cvelist	CVE-2018-18775	1 Nov 201817:00	–	cvelist
Cvelist	CVE-2018-18776	1 Nov 201817:00	–	cvelist
Cvelist	CVE-2018-18777	1 Nov 201817:00	–	cvelist

`<!--  
# Exploit Title: Path traversal vulnerability in Microstrategy Web version 7  
# Date: 29-10-2018  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: https://www.microstrategy.com  
# Software Link: https://www.microstrategy.com  
# Version: Microstrategy Web version 7  
# Tested on: all  
# CVE : CVE-2018-18777  
# Category: webapps  
  
1. Description  
  
Directory traversal vulnerability in Microstrategy Web, version 7, in  
"/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote  
authenticated users to bypass intended SecurityManager restrictions and  
list a parent directory via a /.. (slash dot dot) in a pathname used by a  
web application.  
  
  
2. Proof of Concept  
  
http://X.X.X.X/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=../../../../../../../../etc/passwd  
  
3. Solution:  
  
The product is discontinued. Update to last version this product.  
Patch:  
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
  
-->  
  
<!--  
# Exploit Title: Cross Site Scripting in Microstrategy Web version 7  
# Date: 29-10-2018  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: https://www.microstrategy.com  
# Software Link: https://www.microstrategy.com  
# Version: Microstrategy Web version 7  
# Tested on: Unix  
# CVE : CVE-2018-18775  
# Category: webapps  
  
1. Description  
  
Microstrategy Web, version 7, does not sufficiently encode user-controlled  
inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the  
Login.asp Msg parameter.  
  
  
2. Proof of Concept  
  
http://X.X.X.X/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=  
"><script>alert("XSS");</script><"  
  
3. Solution:  
  
The product is discontinued. Update to last version this product.  
Patch:  
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
  
-->  
  
<!--  
# Exploit Title: Cross Site Scripting in Microstrategy Web version 7  
# Date: 29-10-2018  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: https://www.microstrategy.com  
# Software Link: https://www.microstrategy.com  
# Version: Microstrategy Web version 7  
# Tested on: all  
# CVE : CVE-2018-18776  
# Category: webapps  
  
1. Description  
  
Microstrategy Web, version 7, does not sufficiently encode user-controlled  
inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the  
admin.asp ShowAll parameter.  
  
  
2. Proof of Concept  
  
http://X.X.X.X/microstrategy7/admin/admin.asp?ShowAll=  
"><script>alert("XSS")</script><"&ShowAllServers=show  
  
3. Solution:  
  
The product is discontinued. Update to last version this product.  
Patch:  
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
  
-->  
  
  
`

31 Oct 2018 00:00Current

5.3Medium risk

Vulners AI Score5.3

EPSS0.69525