Skip to content
cyberexploits
webappphptext

CTERA 3.2.29.0 / 3.2.42.0 - Persistent Cross-Site Scripting

CTERA 3.2.29.0 / 3.2.42.0 - Persistent Cross-Site Scripting

Publié le 2014-02-07

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/php/webapps/31517.txt7eac4c3a
raw
# Exploit Title: [CTERA Project Folders -  Stored XSS]

 

# Date: [11-Mar-2013]

# Exploit Author: [Luigi Vezzoso]

# Vendor Homepage: [http://www.ctera.com]

# Version: [3.2.29.0 and 3.2.42.0 ]

# Tested on: [ctera os]

# CVE : [CVE-2013-2639]

 

#OVERVIEW

Standard Ctera User can define a particular “description” for a ProjectFolder that cause javascript code execution and HTML injection. 

 

#INTRODUCTION

CTERA Networks (http://www.ctera.com)bridges the gap between cloud storage and local storage, providing optimized performance and end-to-end security. Our solutions accelerate deployment of cloud services and eliminate the costs associated with file servers, backup servers and tape drives. Service providers and enterprises use CTERA to deliver services such as backup, file sync and share, mobile collaboration, managed NAS and cloud on-ramping, based on the cloud infrastructure of their choice.

 

#VULNERABILITY DESCRIPTION

User can forge particular description on Project Folder that permit XSS, HTML Injection (add of link, images, button ecc). As the project folder can be shared with different users that vulnerability permit the grabbing of sessions cookies.

 

For test the vuln: Create a Project Folder with the following description (the particular path depend of firmware version)



</xml><img src="https://192.168.3.2/admingui/common.3.2.29.291012114828/script/ext/resources/images/default/grid/loading.gif" onload="alert(document.cookie);">

<xml>







#VERSIONS AFFECTED

Tested on CTERA Cloud Storage OS version 3.2.29.0 and 3.2.42.0 

 

#SOLUTION

The vendor mark as resolved on latest CTERA version 4.x

 

#CREDITS

Luigi Vezzoso 

email:  luigivezzoso@gmail.com

skype:  luigivezzoso

Voir sur GitHub