Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtSecuid01337DAY-ID-24029
HistoryAug 13, 2015 - 12:00 a.m.

Netsweeper 4.0.4 - Multiple Vulnerabilities

2015-08-1300:00:00
secuid0
0day.today
38

EPSS

0.002

Percentile

62.0%

JSON

Exploit for php platform in category web applications

Netsweeper 4.0.4 - Multiple Vulnerabilities

+---------------------------------------------------+
+ Netsweeper 4.0.4 - Cross Site Scripting Injection +
+---------------------------------------------------+
Affected Product: Netsweeper
Vendor Homepage : www.netsweeper.com/
Version 	: 4.0.4 (and probably other versions)
Discovered by	: Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
Patched      	: Yes
CVE		: CVE-2014-9607, CVE-2014-9612, CVE-2014-9615

+---------------------+
+ Product Description +
+---------------------+
Netsweeper is a software solution specialized in content filtering.

+----------------------+
+ Exploitation Details +
+----------------------+
One parameters in Netsweeper 4.0.4 and 4.0.3 (and probably other versions) was identified being vulnerable to XSS injection attacks, details provided below.

URL Path: https://netsweeper/remotereporter/load_logfiles.php?server=018192&url=[XSS]

URL Path: http://netsweeper:8080/webadmin/deny/index.php?dpid=1&dpruleid=1&cat=1&ttl=5018400&groupname=<group_name_eg_netsweeper_student_allow_internet_access&policyname=auto_created&username=root&userip=127.0.0.1&connectionip=127.0.0.1&nsphostname=netsweeper&url=[XSS]

+----------------------------------+
+ Netsweeper 4.0.4 - SQL Injection +
+----------------------------------+

Once specific parameter in Netsweeper 3.0.6, 4.0.3 and 4.0.4 (and probably other versions) was identified being vulnerable to SQL injection attacks.
Condition: The exploitation can be performed by any non-authenticated user with access to the vulnerable pages (usually from everyone).

Vulnerable Page: http://netsweeper:8080/remotereporter/load_logfiles.php?server=<SQLi>&url=a
Vulnerable GET Parameter: server


+-------------------------------------------+
+ Netsweeper 4.0.4 - Information Disclosure +
+-------------------------------------------+

Any request that redirects to the deny page (eg client tries to access a blocked site) discloses information in the "username" and "nsphostname" fields.

URL Path: http://netsweeper:8080/webadmin/deny/index.php?dpid=1&dpruleid=1&cat=1&ttl=5018400&groupname=<netsweeper_student_allow_internet_access>&policyname=auto_created&username=<netsweeper_username>&userip=127.0.0.1&connectionip=<client_ip>&nsphostname=<fqdn_of_netsweeper>&url=www.secuid0.net


+----------+
+ Solution +
+----------+
Upgrade to latest version.

#  0day.today [2018-01-10]  #

Related

cve 4
nvd 4
prion 4
cvelist 4
nuclei 2
exploitpack 1
exploitdb 1
openvas 1
cve
cve
CVE-2014-9607
2020-02-19 20:15:13
CVE-2014-9615
2020-02-19 20:15:13
CVE-2014-9616
2017-09-19 15:29:00
nvd
nvd
CVE-2014-9607
2020-02-19 20:15:13
CVE-2014-9616
2017-09-19 15:29:00
CVE-2014-9615
2020-02-19 20:15:13
prion
prion
Cross site request forgery (csrf)
2017-09-19 15:29:00
Cross site scripting
2020-02-19 20:15:00
Cross site scripting
2020-02-19 20:15:00
cvelist
cvelist
CVE-2014-9616
2017-09-19 15:00:00
CVE-2014-9615
2020-02-19 19:59:27
CVE-2014-9607
2020-02-19 19:39:38
nuclei
nuclei
Netsweeper 4.0.4 - Cross-Site Scripting
2021-12-06 16:38:54
Netsweeper 4.0.4 - Cross-Site Scripting
2021-12-06 16:38:54
exploitpack
exploitpack
Netsweeper 4.0.4 - SQL Injection
2015-08-21 00:00:00
exploitdb
exploitdb
Netsweeper 4.0.4 - SQL Injection
2015-08-21 00:00:00
openvas
openvas
Netsweeper Multiple Vulnerabilities (Aug 2015)
2015-08-25 00:00:00

EPSS

0.002

Percentile

62.0%

JSON
Related for 1337DAY-ID-24029
cve4nvd4prion4cvelist4nuclei2exploitpack1exploitdb1openvas1