HP System Management Homepage (SMH) 'message.php' Cross-Site Scripting Vulnerability

2008-08-27T00:00:00
ID SSV:3924
Type seebug
Reporter Root
Modified 2008-08-27T00:00:00

Description

BUGTRAQ ID: 30846
CNCAN ID: CNCAN-2008082702

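HP System Management Homepage is a system management homepage product released by HP.

HP System Management Homepage does not correctly handle the input parameter used to display generic error messages. A remote attacker can exploit this vulnerability to carry out cross-site scripting attacks and obtain sensitive information.

The vulnerability affects the "message.php" script. This page uses the JavaScript property "location.search" to build the error message; if the error ID supplied in the URL does not match any valid code, a generic error is reported ("An unknown error (%INVALID_CODE%) occurred").

HP System Management Homepage (possibly <= 2.1.1) validates the input only on the client side and lacks sufficient filtering.

Versions after HP System Management Homepage 2.1.4 perform a server-side check, but NULL bytes (%00) are not filtered, so the check can be bypassed and a malicious parameter supplied.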
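The hardened counterpart of the flow described above, as an added example (not HP's code and not part of the original advisory): the complete decoded query string is checked against an allowlist pattern, so a %00 cannot hide trailing content from the check, and rejected input is never reflected. The numeric code format, the KNOWN_ERRORS table and all function names are assumptions.

```javascript
// Added example; not HP SMH code. The numeric code format, the
// KNOWN_ERRORS table and all function names are assumptions.
const KNOWN_ERRORS = new Map([
  ["1", "Session expired."],
  ["2", "Access denied."],
]);
const CODE_PATTERN = /^[0-9]{1,6}$/; // allowlist: short decimal IDs only

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Return the validated error ID from a location.search-style string, or null.
// The pattern is applied to the complete decoded value, so an ID followed by
// %00 and more data is rejected as a whole, not checked only up to the NUL.
function errorCodeFromSearch(search) {
  const raw = search.startsWith("?") ? search.slice(1) : search;
  let decoded;
  try {
    decoded = decodeURIComponent(raw);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  return CODE_PATTERN.test(decoded) ? decoded : null;
}

// Build the message as plain text. Input that fails validation is not echoed.
function buildErrorMessage(search) {
  const code = errorCodeFromSearch(search);
  if (code === null) return "An unknown error (invalid code) occurred";
  const known = KNOWN_ERRORS.get(code);
  return known !== undefined ? known : `An unknown error (${code}) occurred`;
}

// For sinks that take markup (for example a server-side template).
function buildErrorHtml(search) {
  return escapeHtml(buildErrorMessage(search));
}

// In the browser: write the plain text as text, never via innerHTML or
// document.write. Call as renderError(node, location.search).
function renderError(element, search) {
  element.textContent = buildErrorMessage(search);
}
```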

HP System Management Homepage 2.1.12
HP System Management Homepage 2.1.11
HP System Management Homepage 2.1.10
HP System Management Homepage 2.1.9
HP System Management Homepage 2.1.8
HP System Management Homepage 2.1.7
HP System Management Homepage 2.1.6
HP System Management Homepage 2.1.5
HP System Management Homepage 2.1.4
HP System Management Homepage 2.1.3.132
HP System Management Homepage 2.1.3
HP System Management Homepage 2.1.2
HP System Management Homepage 2.1.1
HP System Management Homepage 2.1
HP System Management Homepage 2.0.2
HP System Management Homepage 2.0.1
HP System Management Homepage 2.0
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11

No solution is currently available:
http://h18013.www1.hp.com/products/servers/management/agents/documentation.html

[Exploit]
1st vector)
https://<IP>:2381/message.php?<script><script>alert('xss')</script></script>
2nd vector)
https://<IP>:2381/message.php?aa%00<script><script>alert('xss')</script>
</sc