Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2015-5266
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 26.09.2015
Summary
Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management.
Description
Centreon suffers from a stored XSS vulnerability. Input passed through the POST parameter 'img_comment' is not sanitized, allowing an attacker to execute HTML code in a user's browser session on the affected site.
Vendor
Centreon - https://www.centreon.com
Affected Version
2.6.1 (CES 3.2)
Tested On
CentOS 6.6 (Final)
Apache/2.2.15
PHP/5.3.3
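The unsanitized 'img_comment' value described above, shown as an added PHP example that is not Centreon code and not part of the original advisory: an unencoded render beside an output-encoded one, plus a review pass over values already in storage. Only the field name img_comment comes from the advisory; the row layout, function names and sample rows are hypothetical.

```php
<?php
// Added example, not Centreon source. Only the field name img_comment comes
// from the advisory; row layout and function names are hypothetical.

// Constructed sample rows, as if read back from storage after the POST.
$rows = array(
    array('img_id' => 1, 'img_comment' => 'Rack 4 network diagram'),
    array('img_id' => 2, 'img_comment' => '<i>injected markup</i>'),
    array('img_id' => 3, 'img_comment' => "x' title='injected attribute"),
);

// Before: the stored value is concatenated into the page unchanged, so markup
// inside it becomes part of the document for every user viewing the record.
function render_comment_unsafe($comment)
{
    return "<td class='comment'>" . $comment . "</td>";
}

// After: encode at output time. ENT_QUOTES also encodes single quotes (the
// default ENT_COMPAT does not), and the charset is given explicitly because
// PHP before 5.4 defaults to ISO-8859-1.
function render_comment_safe($comment)
{
    return "<td class='comment'>"
        . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8')
        . "</td>";
}

// Review pass: values stored before a fix may still be in the database, so
// list records whose comment contains HTML-significant characters.
function find_suspect_comments(array $rows)
{
    $suspect = array();
    foreach ($rows as $row) {
        if (preg_match('/[<>"\']/', $row['img_comment'])) {
            $suspect[] = $row['img_id'];
        }
    }
    return $suspect;
}

foreach ($rows as $row) {
    echo render_comment_safe($row['img_comment']), "\n";
}
echo 'Review img_id: ', implode(', ', find_suspect_comments($rows)), "\n";
```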
Vendor Status
[10.08.2015] Vulnerability discovered.
[12.08.2015] Vendor contacted.
[13.08.2015] Vendor replies asking more details.
[13.08.2015] Sent details to the vendor.
[14.08.2015] Vendor sends details to developing team.
[19.08.2015] Asked vendor for status update.
[19.08.2015] Vendor states that some issues were fixed in 2.6.2 and rest will be fixed in 2.6.3 or 2.7.
[25.08.2015] Asked vendor for status update.
[25.08.2015] Vendor will get back to us by 15th of September because of holidays.
[16.09.2015] No reply from the vendor.
[17.09.2015] Informed vendor about public release.
[17.09.2015] Vendor has released version 2.6.2 fixing the file upload issue. Remaining issues promised to be fixed in next release.
[24.09.2015] Vendor releases version 2.6.3 to fix remaining issues?
[26.09.2015] Public security advisory released.
PoC
centreon_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.6.2.html
[2] https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.6.3.html
[3] https://www.exploit-db.com/exploits/38339/
[4] https://packetstormsecurity.com/files/133758
[5] https://cxsecurity.com/issue/WLB-2015090166
[6] https://exchange.xforce.ibmcloud.com/vulnerabilities/106856
[7] https://secunia.com/advisories/66651/
[8] https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.6.5.html
Changelog
[26.09.2015] - Initial release
[07.10.2015] - Added reference [3], [4], [5] and [6]
[10.11.2015] - Added reference [7]
[21.11.2015] - Added reference [8]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk