{"id":441,"date":"2021-05-13T16:07:21","date_gmt":"2021-05-13T16:07:21","guid":{"rendered":"https:\/\/lyhinslab.org\/?p=441"},"modified":"2021-05-13T16:10:41","modified_gmt":"2021-05-13T16:10:41","slug":"how-white-box-hacking-works-stored-xss-in-ntopng","status":"publish","type":"post","link":"https:\/\/lscp.llc\/index.php\/2021\/05\/13\/how-white-box-hacking-works-stored-xss-in-ntopng\/","title":{"rendered":"How White-Box hacking works: Stored XSS in ntopng"},"content":{"rendered":"\n

There is a stored XSS vulnerability in the \u2018ntopng web application\u2019 community edition version 4.1.200612. This vulnerability allows a malicious individual to execute javascript code in the client\u2019s browser in the \u201cdatasource\u201d page of \u2018ntopng\u2019 web interface.<\/p>\n\n\n\n

The vulnerability is found in the \u201cDatasources\u201d functionality in parameter \u201cName\u201d. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

By issuing a POST request while creating a new datasource, it is possible to inject an XSS payload into the name parameter as follows:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Upon loading the page, the script is executed: <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

In the \u201cedit_datasources.lua\u201d script;  the JSON parameter does not pass any checks before being passed to \u201cdatasources_utils.add_source\u201d<\/p>\n\n\n\n

It may be possible to load external JavaScript files to execute them and perform advanced attacks. <\/p>\n\n\n\n

As this vulnerability requires access to a user account, it doesn\u2019t require an urgent fix, but it may be feasible to fix this in the next release.\u00a0

By Ihor Voschyk<\/p>\n\n\n\n

LL advises to all the researchers do not break real applications<\/em> illegally. This fun leads to broken businesses and lives, and, most likely, will not make an attacker really rich.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

There is a stored XSS vulnerability in the \u2018ntopng web application\u2019 community edition version 4.1.200612. This vulnerability allows a malicious individual […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-441","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/posts\/441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/comments?post=441"}],"version-history":[{"count":0,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/posts\/441\/revisions"}],"wp:attachment":[{"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/media?parent=441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/categories?post=441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lscp.llc\/index.php\/wp-json\/wp\/v2\/tags?post=441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}