Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

F5 BIG-IP Web Management Audit Log XSS

from [nnposter] Network Security [Permanent Link]
Subject: F5 BIG-IP Web Management Audit Log XSS
Date: 23 Mar 2008 02:49:46 -0000 
F5 BIG-IP Web Management Audit Log XSS


Product: F5 BIG-IP
http://www.f5.com/products/big-ip/


The F5 BIG-IP web management interface contains a persistent cross-site 
scripting vulnerability in the audit log facility. Log entries are output raw, 
without being HTML-encoded first. This allows an attacker to create a log entry 
with an embedded script that gets executed any time the audit log is later 
reviewed by an administrator.

One of several exploit vectors is to create a node object with a script 
embedded in the node name. The creation will fail due to unsupported characters 
but an audit log entry still gets created. Other confirmed entry points are 
sysContact and sysLocation on the SNMP configuration page.

It is possible to craft URL links that would generate a suitable log entry with 
a simple HTTP GET request. This allows the attack to be carried out remotely.


The vulnerability has been identified in version 9.4.3. However, other versions 
may be also affected.


Solution:
Do not use the web management interface to review audit logs. Use SSH CLI 
instead.


Found by:
nnposter
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • F5 BIG-IP Web Management Audit Log XSS, nnposter <=
Previous by Date:  [ MDVSA-2008:075 ] - Updated bzip2 packages fix denial of service vulnerability, security
Next by Date:  Linksys phone adapter denial of service, sipherr
Previous by Thread:  [ MDVSA-2008:075 ] - Updated bzip2 packages fix denial of service vulnerability, security
Next by Thread:  Linksys phone adapter denial of service, sipherr
Indexes:  [Date] [Thread] [Top] [All Lists]