PacketFence Network Access Controller - Cross-Site Scripting

EDB-ID:

10571

CVE:


Author:

K053

Type:

webapps

Platform:

PHP

Published:

2009-12-20

# Title : Injection Flaw in PacketFence Network Access Controller
# Date : 20-12-2009
# Author : K053
# Tested on : Private Networks
# Download : http://www.packetfence.org/download/releases.html
______________________________________________________________________________________________
Note :
------
PacketFence is a fully supported, Free and Open Source network access control (NAC) system.
PacketFence is actively maintained and has been deployed in numerous large-scale institutions
over the past years. It can be used to effectively secure networks - from small to very large
heterogeneous networks.
______________________________________________________________________________________________
Bug [ Login.php ] :
-------------------
function check_input($input){
  if(preg_match("/^[\@a-zA-Z0-9_\:\,\(\)]/", $input) && strlen($input) <= 15){
    return true;
  }
  else{
    print "Invalid parameter: $input<br>";
    return false;
  }
}

//TODO are we being too difficult on what we accept as a password? ie: pass starting with ; is invalid
function check_sensitive_input($input){
  if(preg_match("/^[\@a-zA-Z0-9_\:\,\(\)]/", $input) && strlen($input) <= 15){
    return true;
  }
  else{
    print "Invalid sensitive parameter<br>";
    return false;
  }
}
______________________________________________________________________________________________
Poc :
-----
The Function fail on input validation on passed data, application is vulnerable to injection flaw like
Xss , Html Code injection ... :

Attacker can perform attack via post method : manipulate passed data or just enter something like
<script>alert(0)</script> in username filed .
______________________________________________________________________________________________