Nagios XI Login Cross Site Scripting

2010-08-21T00:00:00
ID PACKETSTORM:92936
Type packetstorm
Reporter Adam Baldwin
Modified 2010-08-21T00:00:00

Description

                                        
                                            ` Nagios XI Login XSS  
  
Advisory ID: NGENUITY-2010-007  
  
Vulnerability Information  
Class: Cross-Site Scripting (XSS)  
  
Software Description  
Nagios XI is the commercial / enterprise version of the open source  
Nagios project.  
  
Vulnerability Description  
The login page for the Nagios XI management interface prior to version  
2009R1.3 is vulnerable to cross-site scripting (XSS). This vulnerability  
does not require the victim to be authenticated. This vulnerability was  
originally thought to be addressed in version 2009R1.2C.  
  
All the parameters of the login page are vulnerable to injection and  
execution of JavaScript. This does not require authentication, but if  
the user is authenticated can provide a reasonably easy way to do  
whatever actions you want as the Admin user (and negates CSRF protection  
that has recently been implemented).  
  
Vendor recommends upgrading to version 2009R1.3 or later.  
  
  
Technical Description  
Here is a non-malicious example. The input after login.php is inserted  
into the permalink_base variable without being sanitized.  
  
http://example.com/nagiosxi/login.php?%22;alert%281%29;//  
  
  
Credits  
This vulnerability was discovered by Adam Baldwin  
  
Original Advisory  
http://ngenuity-is.com/advisories/2010/aug/19/nagios-xi-login-xss/  
  
`