Summary
In this report, I have identified a security vulnerability in the Cacti web system that malicious actors can exploit. The vulnerability falls under the category of Stored XSS. Stored XSS is one of the fundamental issues in information security, and vulnerabilities of this kind can lead to unauthorized access to sensitive information or critical resources such as cookies.
The vulnerability lies in how the system handles stored input. A user who logs in with high-level permissions can store an XSS payload and exploit this vulnerability.
Details
Attack Scenario Description:
To better understand this vulnerability, I will explain the attack scenario as follows:
- In the initial step, a user account with specific access levels is created.
- After logging into the user account, to create a new Device, we navigate to the "Management" tab, then go to the "Devices" sub-tab. Subsequently, a new Device is created. In the "Description" and "Hostname" sections, a malicious XSS payload is entered, and the device is saved.
- Upon returning to the "Management" tab, we proceed to the "Trees" sub-tab and enter the desired "Tree Name."
- Under the "Available Sites" sub-tab, we first enter "Edge" and then navigate to "Core."
- As observed, the Stored XSS vulnerability is executed, triggering a high-level alert.
PoC
Input Sanitization and Escaping:
Use input sanitization and escaping to cleanse user inputs of malicious code. Use the secure functions or libraries that the programming language provides for this purpose.
Limit the Use of Inline JavaScript:
It is recommended to avoid inline JavaScript and use alternative methods for executing JavaScript code, such as utilizing browser-safe functions.
Proper Output Escaping:
Ensure that data retrieved from databases or other sources is properly output-escaped to prevent the execution of malicious script payloads.
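As an added example (not Cacti's code and not part of the original report), the PHP below applies the input validation and output escaping recommended above to the "Description" and "Hostname" device fields. The function names and the sample row are hypothetical and constructed for illustration.

```php
<?php
// Added example; function names and the sample row are hypothetical,
// not taken from Cacti's code base.

// Input side: a hostname field only needs to hold a hostname or an IP address,
// so it can be checked against that shape before the device is saved.
function is_valid_hostname(string $value): bool
{
    return filter_var($value, FILTER_VALIDATE_IP) !== false
        || filter_var($value, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

// Output side: escape for HTML text and quoted-attribute contexts.
// A free-text description cannot be allowlisted, so this is the control
// that must hold every time the stored value is rendered.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: stored values are concatenated into the tree node unescaped.
function render_tree_node_unsafe(array $d): string
{
    return '<li title="' . $d['hostname'] . '">' . $d['description'] . '</li>';
}

// After: every stored value is escaped. The label is exposed through a data
// attribute so an external script can read it without any inline JavaScript.
function render_tree_node(array $d): string
{
    $label = esc_html($d['description']);
    return sprintf(
        '<li id="node-%d" title="%s" data-label="%s">%s</li>',
        (int) $d['id'], esc_html($d['hostname']), $label, $label
    );
}

// Constructed sample row, as it might come back from the database.
$device = [
    'id'          => 7,
    'description' => '<script>alert(1)</script>',
    'hostname'    => '"><img src=x onerror=alert(1)>',
];

var_dump(is_valid_hostname($device['hostname']));    // rejected at save time
var_dump(is_valid_hostname('core-sw1.example.net')); // accepted
echo render_tree_node_unsafe($device), PHP_EOL;      // markup reaches the page
echo render_tree_node($device), PHP_EOL;             // markup shown as text
```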
Impact
The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. XSS can take various forms, and one specific type is stored XSS (also known as persistent or type-I XSS), where malicious scripts are permanently stored on a target server and served to users who access a particular page.
Web Applications:
Websites or web applications that are susceptible to stored XSS vulnerabilities can be impacted. If an attacker successfully injects malicious scripts into the application's database, these scripts will be served to users accessing the compromised pages.
End Users:
Users who visit a page with stored XSS vulnerabilities may unknowingly execute malicious scripts in their browsers. This can lead to various attacks, such as session hijacking, stealing sensitive information (e.g., cookies), defacement of web pages, or spreading malware.
Data Security:
Stored XSS vulnerabilities pose a risk to the security of stored data in databases. If an attacker can inject and store malicious scripts in the database, they may compromise sensitive information and potentially execute unauthorized actions on behalf of users.