  1. OpenNMS
  2. NMS-9675

IOActive: Reflected Cross-site Scripting in alarm/list.htm display Parameter

    Details

      Description

      Background

      OpenNMS is a carrier-grade, highly integrated, open source platform designed for building network monitoring solutions. There are two distributions of OpenNMS: Meridian and Horizon. Using Meridian is advisable for enterprises and businesses looking for stability and long-term support. Horizon is the place where innovation happens quickly and is ideal for monitoring new technologies and IT ecosystems. Both distributions are completely open source.

      Technical Details

      Attackers could trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. The JavaScript code could be used for several purposes including stealing user cookies or as a second step to hijacking a user's session. Another attack plan could include the possibility of inserting HTML instead of JavaScript to change/modify the contents of the vulnerable page, which could be used to trick the client.

      The XSS occurs in the display parameter of the /opennms/alarm/list.htm script. The following URL could be used to trigger it:

      https://<OpenNMSHost>:9443/opennms/alarm/list.htm?sortby=count&acktype=unack&limit=20&display=long%22;}alert(123);function%20test(){i=%22

      Proof of concept screenshot:

      (JavaScript popup containing the string 123)
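
The model below is an added example, not OpenNMS code. It reflects `display` into an inline script string literal and compares raw concatenation with JavaScript-context output encoding and an allow-list, using the display value from the report. The template shape (inferred from the payload's structure), the `getDisplay` name, the `short` value and the default are assumptions.

```javascript
// Added example. The template shape is an assumption inferred from the payload.
const ALLOWED_DISPLAY = new Set(["long", "short"]); // "short" is an assumed value
const DEFAULT_DISPLAY = "short";                    // assumed default

// URL-encoded display value from the report's proof-of-concept link.
const REPORTED_VALUE = "long%22;}alert(123);function%20test(){i=%22";

// Vulnerable pattern: the raw value is concatenated into a JS string literal.
function renderVulnerable(display) {
  return 'function getDisplay(){var d="' + display + '";return d;}';
}

// Escape every UTF-16 code unit outside [A-Za-z0-9] as \uXXXX, so quotes,
// braces, semicolons, line terminators and "</script>" stay inside the literal.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9]/g,
    c => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Fix 1: output encoding for the JavaScript string context.
function renderEncoded(display) {
  return 'function getDisplay(){var d="' + jsStringEscape(display) + '";return d;}';
}

// Fix 2: allow-list the parameter before it reaches any template.
function renderAllowListed(display) {
  const safe = ALLOWED_DISPLAY.has(display) ? display : DEFAULT_DISPLAY;
  return renderEncoded(safe);
}

// Run a rendered script with a stubbed alert() and report what happened:
// which alert() calls fired, and what getDisplay() returned afterwards.
function evaluate(script) {
  const alerts = [];
  const run = new Function("alert", script + ";return getDisplay();");
  return { alerts, display: run(arg => alerts.push(arg)) };
}

const value = decodeURIComponent(REPORTED_VALUE);
for (const render of [renderVulnerable, renderEncoded, renderAllowListed]) {
  console.log(render.name, JSON.stringify(evaluate(render(value))));
}
```

With encoding alone the reported value comes back from `getDisplay()` unchanged as data; with the allow-list it never reaches the page at all.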

      Timeline

      Oct 4, 2017: Researchers discover vulnerability

      Oct XX, 2017: IOActive contacts the vendor

              People

              Assignee:
              Unassigned
              Reporter:
              jeffg Jeff Gehlbach