persistent input validation vulnerability

BreakTheSec Dec 18th, 2012 170 Never
Proof of Concept:
=================
The persistent input validation vulnerability can be exploited by remote attackers with a low-privileged user account and low required user interaction.
For demonstration or reproduce ...

Review: Edit Configuration > layer4 > Virtual Servers - [Label] [Virtual Host] [Request to send] [Email Alerts] [Response expected]
<pre>
#0 /var/www/html/lbadmin/inc/ldirectord.inc(695): execute('/etc/rc.d/rc.lv...') #1 /var/www/html/lbadmin/inc/ldirectord.inc(610):
tcp_timeouts(Array) #2 /var/www/html/lbadmin/config/ldirectord.php(627): ldirectord_vip_edit('0', 'ipv4', '10.1.1.5', '80', '
<h1>[PERSISTENT INJECTED SCRIPT CODE!]</h1>
', 'tcp', 'masq', '255.255.255.255', '127.0.0.1', '9081', 'yes', '300', 'wrr', 'none', '
<h1>[PERSISTENT INJECTED SCRIPT CODE!]</h1>
<h1>[PERSISTENT INJECTED SCRIPT CODE!]</h1>
<h1>[PERSISTENT INJECTED SCRIPT CODE!]</h1>
<h1>[PERSISTENT INJECTED SCRIPT CODE!]</h1>
</pre>


URL: http://loadbalancer.127.0.0.1:8080/lbadmin/config/ldirectord.php?action=modvirtual&subaction=editdata&v=0&t=1355504097

...

Review: Edit Configuration > Add New Floating IP
<p class="error">
Error:
<em>
The Floating IP address '
<iframe [PERSISTENT INJECTED SCRIPT CODE!]>
<html>
<head>
<body vlink="#990000" text="#990000" link="#990000" bgcolor="#000000" alink="#999999" dir="ltr">
</html>
</iframe>
</em>
</p>

URL: http://loadbalancer.127.0.0.1:8080/lbadmin/config/changevips.php?mnp=edit&submnp=efip&t=1355527607&l=e

...

Review: Edit Configuration > SSL termination > Modify  [Label] [Ciphers to use]
<pre>
execute(): 'cp /usr/local/etc/certs/server.pem /usr/local/etc/certs/
<h1>label</h1>
.pem' failed: errno 1,
</pre>
<p></p>
<h3>Trace:</h3>
<p></p>
<pre>
#0 /var/www/html/lbadmin/inc/pound.inc(164): execute('cp /usr/local/e...') #1 /var/www/html/lbadmin/config/pound.php(243): pound_vip_add('
<h1>[PERSISTENT INJECTED SCRIPT CODE!]</h1>
', 'ipv4', '10.0.0.20', '443', '10.0.0.20', '80', '
<h1>
[PERSISTENT INJECTED SCRIPT CODE!]
<p></p>
</h1>
</pre>

URL: http://loadbalancer.127.0.0.1:8080/lbadmin/config/pound.php?action=adddata&t=1355504561

...

Review: Edit Configuration > Physical - Advanced Configuration

<p class="error">
Error:
<em>
Input field failed the validation.
<br>
'">
<iframe [PERSISTENT INJECTED SCRIPT CODE!]>
' is not a valid IP address.
</em>
</p>

URL: http://loadbalancer.127.0.0.1:8080/lbadmin/config/physicaladv.php?mnp=edit&submnp=epa&t=1355527441&l=e
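
Mitigation sketch (added example, not part of the original paste and not the appliance's code): every review above shows a rejected or stored field value written back into an error message or a <pre> stack trace without output encoding. The PHP below encodes the value at the point of output for both cases; the function names h(), ip_validation_error() and render_trace() are hypothetical, and the sample frame is constructed from the trace layout shown above.

```php
<?php
// Added illustration, not the appliance's code. Function names are hypothetical.

/** Encode untrusted text for an HTML element body or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate first; on failure, echo the rejected value only after encoding it. */
function ip_validation_error(string $input): ?string
{
    if (filter_var($input, FILTER_VALIDATE_IP) !== false) {
        return null; // valid address, nothing to report
    }
    return '<p class="error">Error: <em>Input field failed the validation.<br>\''
        . h($input) . '\' is not a valid IP address.</em></p>';
}

/** Render a backtrace inside <pre>, encoding every frame field and argument. */
function render_trace(array $frames): string
{
    $lines = [];
    foreach ($frames as $i => $f) {
        $args = array_map(
            fn($a) => "'" . h(is_scalar($a) ? (string) $a : gettype($a)) . "'",
            $f['args'] ?? []
        );
        $lines[] = sprintf('#%d %s(%d): %s(%s)', $i, h($f['file']),
            $f['line'], h($f['function']), implode(', ', $args));
    }
    return "<pre>\n" . implode("\n", $lines) . "\n</pre>";
}

// Constructed sample input: a harmless marker tag standing in for injected markup.
$marker = '<h1>label</h1>';
echo ip_validation_error($marker), "\n";
echo render_trace([[
    'file' => '/var/www/html/lbadmin/config/pound.php', 'line' => 243,
    'function' => 'pound_vip_add', 'args' => [$marker, 'ipv4', '10.0.0.20', '443'],
]]), "\n";
```

With the marker as input, both outputs contain &lt;h1&gt;label&lt;/h1&gt; as literal text, so the browser displays the stored value instead of parsing it as markup.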