Possible Security Vulnerabilities #30

Closed
jacobamey opened this issue Nov 20, 2013 · 10 comments

@jacobamey

Note, these should not be a huge issue if utilizing a proper firewall. But it might be something you would want to look into and fix anyways.

These were found by a Nessus scan performed against a server running Monitorix.

First One:

Severity: HIGH

Exploit:

Goscript go.cgi Arbitrary Command Execution

Description

The remote host is running GoScript. The installed version fails to properly sanitize user-supplied input to the 'go.cgi' script. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary commands on the remote host.

Solution

There is no known solution at this time.

See Also

http://archives.neohapsis.com/archives/bugtraq/2004-08/0037.html

Plugin Output

It was possible to execute the command 'id' on the remote host
by requesting the following URL :

http://10.19.75.76:8080/amPortal/action/go.cgi|id|

Second One:

Severity: Medium

Exploit

Web Server Generic Cookie Injection

Description

The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to inject arbitrary cookies. Depending on the structure of the web application, it may be possible to launch a 'session fixation' attack using this mechanism.

Solution

Contact the vendor for a patch or upgrade.

See Also

http://en.wikipedia.org/wiki/Session_fixation
http://www.owasp.org/index.php/Session_Fixation
http://www.acros.si/papers/session_fixation.pdf
http://projects.webappsec.org/Session-Fixation

Plugin Output

The request string used to detect this flaw was :

/<script>document.cookie=%22testzgsf=9268;%22</script>

The output was :

HTTP/1.0 404 Not found
Date: Wed, 20 Nov 2013 13:34:54 -0500
Server: Monitorix HTTP Server
Connection: close
Content-Type: text/html; charset=UTF-8

[...]

<title>404 Not Found</title>

Not Found

The requested URL /<script>document.cookie="testzgsf=9268;"</script> was not found on this server.


Monitorix HTTP Server listening at localhost Port 8080 [...]

Third one:

Severity: Medium

Exploit

Web Server Generic XSS

Description

The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.

Solution

Contact the vendor for a patch or upgrade.

See Also

http://en.wikipedia.org/wiki/Cross-site_scripting

Plugin Output

The request string used to detect this flaw was :

/<script>cross_site_scripting.nasl</script>.asp

The output was :

HTTP/1.0 404 Not found
Date: Wed, 20 Nov 2013 13:36:20 -0500
Server: Monitorix HTTP Server
Connection: close
Content-Type: text/html; charset=UTF-8

Not Found

The requested URL /<script>cross_site_scripting.nasl</script>.asp was not found on this server.


Monitorix HTTP Server listening at localhost Port 8080
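The second and third findings both come from the 404 page echoing the requested URL back unescaped, and the first from shell metacharacters reaching a command through the path. As an added illustration (not Monitorix's own code, which is Perl), the Python below models a hardened handler: an allow-list check on the decoded path plus HTML-escaping of anything reflected into the error page. The route names and response layout are assumptions for the example.

```python
import html
import re
from typing import Tuple

# Assumption: the server reflects the decoded request path in its 404 body,
# as the Nessus output in this issue shows. Illustrative code, not Monitorix's.

# Conservative path alphabet for a monitoring front end: letters, digits,
# underscore, dot, slash and hyphen. Shell metacharacters (|, `, ;, $) and
# HTML/JS delimiters (<, >, ", ') are all outside it.
_SAFE_PATH = re.compile(r"^[A-Za-z0-9_./\-]*$")


def path_is_safe(path: str) -> bool:
    """Allow-list check applied to the decoded path before any handler runs."""
    return bool(_SAFE_PATH.match(path)) and ".." not in path


def build_404(path: str) -> Tuple[int, str]:
    """Return (status, body) for an unknown URL.

    The path is HTML-escaped (quotes included), so a request such as
    /<script>...</script> is rendered as literal text and cannot inject
    markup, script, or document.cookie assignments into the error page.
    """
    shown = html.escape(path, quote=True)
    body = (
        "<title>404 Not Found</title>\n"
        "<h1>Not Found</h1>\n"
        f"<p>The requested URL {shown} was not found on this server.</p>\n"
    )
    return 404, body


def handle_request(path: str) -> Tuple[int, str]:
    """Dispatch: unsafe paths are refused outright; anything else falls
    through to the escaped 404 (this toy server defines no real routes)."""
    if not path_is_safe(path):
        return 400, "<title>400 Bad Request</title>\n<h1>Bad Request</h1>\n"
    return build_404(path)


if __name__ == "__main__":
    # The three request strings from the scan, already percent-decoded.
    for p in ("/amPortal/action/go.cgi|id|",
              '/<script>document.cookie="testzgsf=9268;"</script>',
              "/<script>cross_site_scripting.nasl</script>.asp"):
        status, body = handle_request(p)
        print(status, repr(body.splitlines()[-1]) if status == 404 else "refused")
```

Rejecting at the allow-list stage is the primary fix; the escaping in `build_404` is the backstop that keeps the reflected path harmless even if a future route accepts wider input.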
@ghost ghost assigned mikaku Nov 21, 2013
@mikaku
Owner

mikaku commented Nov 21, 2013

Hi Jacob,

Oh man, you found it!
There is indeed a lack of sanitizing of these special characters (|, <, >, ...).
I'll release a new version 3.3.1 in order to just fix this bug.

I guess that sanitizing the input string will fix the three issues, otherwise let me know.

Thanks a lot for your feedback!
Best regards.

mikaku added a commit that referenced this issue Nov 21, 2013
…ver which led a number of security vulnerabilities. #30
@mikaku mikaku closed this as completed Nov 21, 2013
@jacobamey
Author

Wow, talk about a quick turnaround!

I'll update Monitorix on our Base Image (when it hits the epel repo) and rerun the scan. I'll let you know my findings.

Thanks again for a quick turnaround.

@mikaku
Owner

mikaku commented Nov 21, 2013

You're very welcome!
And yes please, let me know your findings.

Thanks.

@jacobamey
Author

You got the big one!

The Goscript go.cgi Arbitrary Command Execution is no longer an issue. This was rated by Nessus as a High vulnerability.

The other two are still there though. They are rated at a Medium on the bad scale.

  1. Web Server Generic Cookie Injection
  2. Web Server Generic XSS

I have sent you an email containing more details on these issues.

Good job getting rid of the goScript issue, that was the big one.

@mikaku mikaku reopened this Nov 22, 2013
@mikaku
Owner

mikaku commented Nov 22, 2013

Yeah, I've received it.
I'll take a look at it.

Thanks!

@jacobamey
Author

Thank you!

@mikaku
Owner

mikaku commented Nov 25, 2013

Jacob,

I've finally addressed the last two issues (XSS and Cookie Injection).
You might want to check it using the devel branch or just wait a few days to get the new Monitorix version.

Many thanks again for your advice.

@jacobamey
Author

Ok, this week is pretty slow at work (Thanksgiving). If I have time I will check it out and confirm for you tomorrow. If not, a few days worst case. Thanks again for working on this.

@jacobamey
Author

All confirmed fixed. I manually modified a Monitorix on our end with your modifications from your Dev Branch. I then ran a few different scans.

  • Basic Internal
  • Basic External
  • Basic Web
  • PCI-DSS audits (section 11.2.2)

Scans all came back clean. We look good to go. I'll update all systems when you push to master and the repos are up to date.

Thanks again for a quick turnaround.

@mikaku
Owner

mikaku commented Nov 27, 2013

Perfect!
Thank you very much for your invaluable testing.
