← Advisories

up.time 7.5.0 XSS And CSRF Add Admin Exploit

Medium

Advisory ID

ZSL-2015-5252

Release Date

19 August 2015

Vendor

Idera Inc. - http://www.uptimesoftware.com

Affected Version

7.5.0 (build 16) and 7.4.0 (build 13)

CVE

N/A

Tested On

Jetty, PHP/5.4.34, MySQL, Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1j PHP/5.4.34

Summary

The next-generation of IT monitoring software.

Description

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross-site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Proof of Concept

uptime_csrfxss.txtTXT

Disclosure Timeline

29.07.2015Vulnerability discovered.

06.08.2015Vendor contacted.

18.08.2015No response from the vendor.

19.08.2015Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://www.zeroscience.mk/#/advisories/ZSL-2015-5254

[2]http://cxsecurity.com/issue/WLB-2015080119

[3]https://www.exploit-db.com/exploits/37886/

[4]https://packetstormsecurity.com/files/133253

[5]https://exchange.xforce.ibmcloud.com/vulnerabilities/105835

[6]https://exchange.xforce.ibmcloud.com/vulnerabilities/105834

Changelog

19.08.2015Initial release

13.09.2015Added reference [2], [3], [4], [5] and [6]