Stored HTML Injection vulnerability in SolarWinds Orion

[Cyber Arch]

HTML injection is a type o' injection issue that happens when a user can control an input point and can inject any HTML code into a web page that's vulnerable. This vulnerability can hae mony consequences, like revealing a user’s session cookies that could be used tae pretend tae be the victim, or mair generally, allowin' tae change the page content seen by the victims.

This vulnerability happens when the user input isnae properly cleaned and the output isnae encoded. An injection lets ye send a dodgy HTML page tae a victim. The targeted browser cannae tell the difference (trust) between the legit and dodgy parts and so will process and run it all as legit in the victim's context.

The product version is: SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4)

Method o' exploit:

a. Dounload the trial software exe file fae: https://www.solarwinds.com/network-performance-monitor
b. Install the exe file
c. Open Orion wab console (hostname o' system: 8787)
d. Dinnae put in onythin' fur yer password, jist leave it blank, and type in "admin" as yer username.
e. Head tae settings > all settings.
f. Then gang tae Product specific settings > Web console settings.
g. Here ye can see Site login text box.
h. Here enter yer dodgy HTML, quick example:
<h1><a href=”http://www. YOURDEVILWEBSITE .com“>Click Here for Login</a></h1>
i. Noo submit the chynges and log oot o' the application.
j. Noo on the login page ye can see the chynged content. When ye hover ower it, ye'll see it'll redirect tae http://www. YOURDEVILWEBSITE .com. This is Stored HTML Injection.

CVE-2019-12863