Super FabriXss.
N2K logoMar 31, 2023

Researchers discover cross-site scripting flaw in Azure Service Fabric platform.

Super FabriXss.

Researchers at Orca Security discovered a Cross-Site Scripting (XSS) vulnerability affecting Azure Service Fabric Explorer (SFX).

XSS flaw can lead to remote code execution.

The vulnerability, which Orca calls “Super FabriXss,” can allow “remote attackers to leverage an XSS vulnerability to achieve remote code execution on a container hosted on a Service Fabric node without the need for authentication.”

The researchers explain, “The vulnerability arises from a vulnerable ‘Node Name’ parameter, which can be exploited to embed an iframe in the user’s context. This iframe then retrieves remote files from a server controlled by the attacker, eventually leading to the execution of a malicious PowerShell reverse shell. This attack chain can ultimately result in remote code execution on the container which is deployed to the cluster, potentially allowing an attacker to take control of critical systems.”

Microsoft issued a patch for the flaw in its March 2023 Patch Tuesday fixes. Organizations that have updated Service Fabric Explorer to the latest version are protected against this vulnerability.