Discoverer:NHPT

Introduce

The next generation firewall of Shanshi Network Technology is an intrusion prevention technology based on deep application, protocol detection, and attack principle analysis. It can effectively filter out security threats such as viruses, trojans, worms, spyware, vulnerability attacks, and escape attacks, providing users with comprehensive security protection of L2-L7 layer networks, while effectively protecting user network health and server security, and providing excellent security protection performance; Through deep detection and analysis technology of network traffic, multi-dimensional accurate identification can be carried out based on applications, users, content, national geography, etc., providing users with rich and flexible security control functions; Through strong network adaptability, it can achieve secure deployment in complex environments and meet the diverse network functional needs of users.

Vendor of the product(s)

https://www.hillstonenet.com.cn/

Product

Hillstone Next Generation FireWall SG-6000-E3960

Version 5.5

Untitled

Vulnerability Description

Hillstone Next Generation FireWall hostname has an XSS vulnerability due to the use of front-end filtering instead of back-end filtering.

Principle and recurrence of vulnerabilities

The device information with vulnerabilities is as follows:

Untitled

Modify the host name in the browser:

Untitled

Then use Burp to intercept the data packet and insert Payload:<img src='<http://127.0.0.1/a.js>' onerror=alert(1)>

Untitled

Trigger XSS vulnerability when viewing system information:

Untitled