Thursday, March 19, 2015

How to verify CVE-2013-3589 (Dell iDRAC 6 and iDRAC 7 XSS Vulnerability)

1.   Nessus description:

The remote Dell Remote Access Controller (iDRAC6 / iDRAC7) is affected by a cross-site scripting vulnerability. The login page does not properly sanitize user-supplied input to the 'ErrorMsg' parameter. An attacker could leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

2.   Demonstration:

1) Actually the login page does filter some Java scripts, so if you use the common script like <script>alert(1)</script>, it won’t work.
2) Example 1: pop up a javascript window.

3) Example 2: redirect to"><img src=x'');>

3.   Recommendation

1) Upgrade to firmware version 1.96 (iDRAC6) / 1.46.45 (iDRAC7) or later.

4.   References: