=======
. contents:: Table Of Content
ManageEngine Firewall Analyzer is an agent less log analytics and configuration management software that helps network administrators to centrally collect, archive, analyze their security device logs and generate forensic reports out of it.
Real-time event response system and Integrated Compliance Management module of Firewall Analyzer automates your end point security monitoring, network bandwidth monitoring and security & compliance auditing. Firewall Analyzer eases your Device Configuration Management by providing out-of-the-box reports and alerts for configuration changes. Firewall Analyzer is vendor-agnostic and supports almost all open source and commercial network firewalls like Check Point, Cisco, Juniper, Fortinet, Snort, Squid Project, SonicWALL, Palo Alto and more, IDS/IPS, VPNs, Proxies and other related security devices
This Product is vulnerable to a combination of XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can execute arbitrary code into login page. Once exploited, admin?s browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies etc.
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XS
S)
After Setting up Manage engine navigate to its user interface
Use this payload in Username field
#####payload To Use#######################
"><script>alert(document.cookie)</script>
##########################################
#Live Poc URL
http://2.bp.blogspot.com/-tR6Sj42AU3U/VTah88edXnI/AAAAAAAABMo/N8DjRQorso4/s1600/poc_xss.JPG
http://kapil-hackertutorials.blogspot.in/
Follow the below steps to fix the issue:
Please find the fix for XSS vulnerabilities:
Stop the FWA service.
Download the fix and extract it:
This would contain 7 fix folders and 1 additional folder:
• FWA Home - conf (1 file)
• FWA Home - lib (8 files)
• FWA Home - lib - resources (2 files)
• FWA Home - webapps - fw - images (1 file)
• FWA Home - webapps - fw - javascript (2 files)
• FWA Home - webapps - fw - styles (1 file)
• FWA Home - webapps - fw - WEB-INF (2 files)
and
• Screen-shot folder
// The last additional folder containing screen-shots for your reference explaining "what files have to be placed / replaced?" and "Where?" //
Location Files which has to be newly placed Files which has to be replaced
(A similar would be there in this
location , just replace it)
C:\ManageEngine\Firewall\conf
antisamy-fwa-policy.xml -
C:\ManageEngine\Firewall\lib
antisamy-1.5.3
batik-css.jar
nekohtml.jar
ss_css2.jar
xercesImpl.jar
xml-apis.jar FirewallAnalyzerJSP.jar
LogAnalyzerClient.jar
C:\ManageEngine\Firewall\lib\resources -
MessageResources.prop
MessageResources_JS_en_US.prop
C:\ManageEngine\Firewall\webapps\fw\images
errorpage.png -
C:\ManageEngine\Firewall\webapps\fw\javascript -
FAUtil.js
PolicyReport.js
C:\ManageEngine\Firewall\webapps\fw\styles -
newTheme.css
C:\ManageEngine\Firewall\webapps\fw\WEB-INF -
struts-config.xml
web.xml
// C:\ManageEngine\Firewall is referred as <FWA Home> i.e. Default FWA installation folder //