Nagios XI Login XSS
Advisory Information
Advisory ID: NGENUITY-2010-007
Date published: Aug. 19, 2010
Vulnerability Information
Class: Cross-Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Software Description
Nagios XI is the commercial / enterprise version of the open source Nagios project.
Vulnerability Description
The login page for the Nagios XI management interface prior to version 2009R1.3 is vulnerable to cross-site scripting (XSS). This vulnerability does not require the victim to be authenticated. This vulnerability was originally thought to be addressed in version 2009R1.2C.
All the parameters of the login page are vulnerable to injection and execution of JavaScript. This does not require authentication, but if the user is authenticated can provide a reasonably easy way to do whatever actions you want as the Admin user (and negates CSRF protection that has recently been implemented).
Vendor recommends upgrading to version 2009R1.3 or later.
Technical Description
Here is a non-malicious example. The input after login.php is inserted into the permalink_base variable without being sanitized.
http://example.com/nagiosxi/login.php?%22;alert%281%29;//
References
Credits
This vulnerability was discovered by Adam Baldwin
Disclaimer
The contents of this advisory are copyright (c) nGenuity Information Security and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.