XpoLog Center V6 CSRF Remote Command Execution
Title: XpoLog Center V6 CSRF Remote Command Execution
Advisory ID: ZSL-2016-5335
Type: Local/Remote
Impact: Cross-Site Scripting, System Access
Risk: (4/5)
Release Date: 01.07.2016
Summary

XpoLog Center is an Applications Log Analysis and Management Platform.

Description

XpoLog suffers from arbitrary command execution. The task tool feature lets a user register a binary together with the arguments it should be run with, and the application executes that command as given. The request that creates such a task is not protected against cross-site request forgery, so an attacker can have a logged-in user's browser submit it on their behalf and thereby execute system commands with SYSTEM privileges.
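The two server-side patterns at the heart of this advisory, as an added example that is not XpoLog's code and is not the xpolog_cmd.txt proof of concept: a handler that accepts a state-changing form on the session cookie alone (which is exactly what a cross-site auto-submitted form exploits), beside one that additionally requires a same-origin Origin/Referer header and a per-session synchronizer token. The host name, form field names (`command`, `arguments`, `csrf_token`) and the three sample requests are constructed for illustration; the advisory gives no endpoint or parameter names.

```python
"""Cookie-only acceptance versus Origin check plus synchronizer token.

Added illustration, not XpoLog code. Host, paths, field names and the
sample requests below are constructed; the advisory names none of them.
"""
from __future__ import annotations

import hmac
import secrets
from urllib.parse import urlsplit

APP_ORIGIN = "https://xpolog.example.internal"  # constructed, not from the advisory


def issue_token(session: dict) -> str:
    """Create a per-session CSRF token and store it server-side in the session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def request_origin(headers: dict) -> str | None:
    """Return scheme://host[:port] from Origin, else from Referer, else None."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def legacy_accepts(session: dict, form: dict) -> bool:
    """Cookie-only check: the pattern a forged cross-site POST defeats.

    The victim's browser attaches the session cookie to the attacker's form
    submission, so "is this session logged in?" is answered yes. This shows
    the class of weakness, not XpoLog's actual handler.
    """
    return session.get("user") is not None and "command" in form


def validate_state_change(session: dict, headers: dict, form: dict) -> tuple[bool, str]:
    """Accept only same-origin requests that carry the session's own token."""
    if session.get("user") is None:
        return False, "not authenticated"
    origin = request_origin(headers)
    if origin is None:
        return False, "missing Origin/Referer on state-changing request"
    if origin != APP_ORIGIN:
        return False, f"cross-origin request from {origin}"
    expected = session.get("csrf_token") or ""
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed sample data: one victim session and three requests against it.
SESSION = {"user": "admin"}
TOKEN = issue_token(SESSION)

# The advisory's scenario: an attacker page auto-submits the task form; the
# cookie rides along, Origin is the attacker's site, and no token is present.
CROSS_SITE = {
    "headers": {"Origin": "https://attacker.example", "Cookie": "JSESSIONID=..."},
    "form": {"command": "cmd.exe", "arguments": "/c whoami"},
}
# A legitimate submission from the console's own page, token included.
SAME_ORIGIN = {
    "headers": {"Origin": APP_ORIGIN, "Cookie": "JSESSIONID=..."},
    "form": {"command": "cmd.exe", "arguments": "/c whoami", "csrf_token": TOKEN},
}
# Same origin (via Referer only) but a guessed token: must still be rejected.
BAD_TOKEN = {
    "headers": {"Referer": APP_ORIGIN + "/tasks/new", "Cookie": "JSESSIONID=..."},
    "form": {"command": "cmd.exe", "csrf_token": "x" * 43},
}


def run_demo() -> dict:
    """Evaluate each constructed request under the weak and the hardened check."""
    results = {}
    for name, req in (("cross_site", CROSS_SITE), ("same_origin", SAME_ORIGIN), ("bad_token", BAD_TOKEN)):
        results[name] = {
            "legacy": legacy_accepts(SESSION, req["form"]),
            "hardened": validate_state_change(SESSION, req["headers"], req["form"]),
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:12s} legacy={outcome['legacy']!s:5s} hardened={outcome['hardened']}")
```

The Origin/Referer check is kept alongside the token rather than instead of it: the token is what defends against a forged request when a browser omits both headers, and rejecting header-less state-changing requests outright (as the hardened check does) is the conservative choice for an administrative console. The cookie-only path is left in the example purely to show why the forged request described in this advisory is accepted.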
Vendor

XpoLog LTD - http://www.xpolog.com

Affected Version

6.4469
6.4254
6.4252
6.4250
6.4237
6.4235
5.4018

Tested On

Apache-Coyote/1.1
Microsoft Windows Server 2012
Microsoft Windows 7 Professional SP1 EN 64bit
Java/1.7.0_45
Java/1.8.0.91
Vendor Status

[14.06.2016] Vulnerability discovered.
[21.06.2016] Contact with the vendor.
[30.06.2016] No response from the vendor.
[01.07.2016] Public security advisory released.

PoC

xpolog_cmd.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References

[1] http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5334.php
[2] https://cxsecurity.com/issue/WLB-2016070008
[3] https://www.exploit-db.com/exploits/40050/
[4] https://packetstormsecurity.com/files/137747
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/114725
[6] https://exchange.xforce.ibmcloud.com/vulnerabilities/114729
Changelog

[01.07.2016] - Initial release
[02.07.2016] - Added reference [2]
[04.07.2016] - Added reference [3]
[06.07.2016] - Added reference [4], [5] and [6]

Contact

Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk