NetSkope Unauthenticated CSV Injection in Admin UI

This post describes a CSV injection in the Netskope Admin UI (Version 75.0): an unauthenticated user can inject a malicious payload into the audit logs of the admin portal, and once the admin exports and opens the report, the payload is executed.

Test case: The audit logs consist of login attempts, which include the username. For the test case, I injected a non-malicious payload into the username field; this payload was reflected in the audit logs and was executed once we downloaded and opened the report.

Exploitation:

In the screenshot below, you can see a sample CSV injection payload and a dummy password.

To verify that our payload was reflected in the audit logs of the admin portal, we logged in as an admin; our payload can be seen in the screenshot below.

The Netskope admin extracted and downloaded the report.

The admin opened the downloaded report, and our payload was executed.


This vulnerability has now been fixed in the latest version of Netskope, and the CVE ID CVE-2020-28845 has been assigned by the MITRE team.
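As an added, defensive illustration that is not part of the original post or Netskope's own code: a small Python export routine modelled on the scenario above, where the audit records, field names and the harmless `=1+1` sample username are all constructed for this example. It shows the unsanitized export beside one that neutralizes formula-triggering cells, plus a check that flags audit records whose username a spreadsheet would treat as a formula.

```python
import csv
import io

# Leading characters that make common spreadsheet applications evaluate a
# CSV cell as a formula instead of showing it as text (OWASP CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if the cell would be interpreted as a formula once the CSV is opened."""
    return isinstance(value, str) and value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Prefix formula-like cells with a single quote so the spreadsheet renders
    them as literal text. Non-string values are passed through unchanged."""
    if is_formula_like(value):
        return "'" + value
    return value


def export_audit_log(records, fieldnames, sanitize=True) -> str:
    """Render audit records as CSV. With sanitize=False this mirrors the
    vulnerable behaviour: attacker-controlled usernames land in the file as-is."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    for rec in records:
        row = {k: (neutralize_cell(rec[k]) if sanitize else rec[k]) for k in fieldnames}
        writer.writerow(row)
    return buf.getvalue()


def flag_suspicious_usernames(records):
    """Detection-side check: return audit records whose username field would
    act as a formula, i.e. candidate CSV injection attempts worth alerting on."""
    return [r for r in records if is_formula_like(r.get("username", ""))]


# Constructed sample audit records (not real Netskope data): failed login attempts
# recorded with the caller-supplied username. "=1+1" is a harmless formula used
# only to show the difference between the two exports.
SAMPLE_AUDIT = [
    {"timestamp": "2020-11-01T10:00:00Z", "username": "alice", "event": "login_failed"},
    {"timestamp": "2020-11-01T10:00:05Z", "username": "=1+1", "event": "login_failed"},
]
FIELDS = ["timestamp", "username", "event"]

if __name__ == "__main__":
    print(export_audit_log(SAMPLE_AUDIT, FIELDS, sanitize=False))
    print(export_audit_log(SAMPLE_AUDIT, FIELDS))
    print(flag_suspicious_usernames(SAMPLE_AUDIT))
```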

Big thanks to Deepak Venkataravanappa from the Netskope team for his communication throughout this remediation cycle.

Thanks.

Aamir Rehman Yousafzai.
