[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS)
From:       ozkan.aziz () whitehat ! org ! uk
Date:       2006-09-29 19:41:34
Message-ID: 20060929194134.21117.qmail () securityfocus ! com
[Download RAW message or body]

Whitehat.org.uk Advisory (1)

Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability

Vulnerability Type: Active code injection (XSS)

Problem Discovered: 14 September 2006
Vendor Contacted: 14 September 2006
Advisory Published: 29 September 2006

Abstract:
Mercury SiteScope is an agentless system monitoring solution designed to ensure the \
availability and performance of distributed IT infrastructures available on the \
Microsoft Windows Server platform as well as others.

Description:
User supplied HTML code is executed by the sitescope.

Technical Details:

Mercury sitescope 8.2 does not correctly validate user submitted input, making it \
possible to execute user submitted code by the sitescope web engine.

1) With the exception of "create new group name", any field create name field was \
susceptible to exploitation. 2) Any "description" field was susceptible to \
exploitation.

Additional Issues: 
Attempting to inject HTML code in the "new monitor description" field resulted in a \
loss of connectivity to the classic interface.

Workaround:
None at present - This may be considered a low risk issue as the user will need to be \
authenticated in order inject the maliciuos code, however, this attack vector could \
leveraged to steal session information. The vendor has been notified, however, has \
been non-responsive.

Tested Versions:
Mercury Sitescope 8.2 on Windows 2003 server - avaliable from http://www.mercury.com

Credits: Ozkan Aziz

Greetings: Gyan (dude), Varun :) , Gerald (Wheeey), Chitt (eCrimes)

Disclaimer:
This advisory intended to be informational. No responsibility is taken for its \
misuse.


[prev in list] [next in list] [prev in thread] [next in thread]