CSRF and XXS In Manage Engine oputils

Posted On // Leave a Comment

CSRF and XXS In Manage Engine oputils

 

Overview

 
* Title : CSRF  and XSS In Manage Engine OPutils
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://www.manageengine.com/products/oputils/
* Severity: HIGH
* Version Affected: Version 8.0
* Version Tested : Version 8.0
* version patched:
 

Advisory ID


2016-01-Manage_Engine
 

Description


Vulnerable Parameter

1. RouterName
2. action Form
3. selectedSwitchTab
4. ipOrHost
5. alertMsg
6. hostName
7. switchID
8. oidString
 

About Vulnerability


This Application is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into admin page. Once exploited, admin?s browser can be made t do almost anything the admin user could typically do by hijacking admin's cookies etc.
 

Vulnerability Class

Cross Site Request Forgery (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29)
Cross Site Scripting       (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)

Disclosure

28-January-2016 Reported to Developer
28-January-2016 Acknodlagement from developer
11-February-2016 Fixed by vendor () 

credits

* Kaustubh Padwad
* Information Security Researcher
* kingkaustubh@me.com
* https://twitter.com/s3curityb3ast
* http://breakthesec.com
* https://www.linkedin.com/in/kaustubhpadwad