Date: Fri, 26 Feb 2010 13:38:26 -0700
From: lament@...ack.org
To: bugtraq@...urityfocus.com
Subject: ARISg5 (Version 5.0) Cross Site Scripting Vulnerability

=========================================
Yaniv Miron aka "Lament" Advisory Feb 24, 2010
ARISg5 (Version 5.0) Cross Site Scripting Vulnerability
=========================================

==========================================================================================
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error 
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron aka "Lament"
Exploit:

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message<script>alert('Malicious XSS Code')</script>

Yaniv Miron aka "Lament".
lament@...ack.org
==========================================================================================

=====================
I. BACKGROUND
=====================
ARISg™ - Adverse Drug Event Reporting
pharmacovigilance and safety
ARISg is the world's leading pharmacovigilance
and clinical safety system for good reason,
with more than 300 life-sciences companies
maintaining their critical safety data in ARISg worldwide.

http://www.arisglobal.com/products/arisg.php

=====================
II. DESCRIPTION
=====================

1. A malicious attacker may inject scripts into the "errmsg" parameter of the ARISg5 (Version 5.0) application.

2. A malicious attacker may inject his own error message using the "errmsg" parameter
and create a phishing attack using the ARISg5 (Version 5.0) application.

=====================
III. ANALYSIS
=====================

1. Exploitation of this vulnerability results in the execution of arbitrary
script code in the browser of a user who follows a malicious link.

2. Exploitation of this vulnerability results in the creation of a phishing page using
the original ARISg5 (Version 5.0) application error page.

=====================
IV. EXPLOIT
=====================

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message<script>alert('Malicious XSS Code')</script>

=====================
V. DISCLOSURE TIMELINE
=====================

Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
Feb 2010 Vendor Notification (Before Disclosure) 
Feb 2010 Public Disclosure

=====================
VI. CREDIT
=====================

Yaniv Miron aka "Lament".
lament@...ack.org
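
Added example, not part of the original advisory and not ARISg code: the two issues described in section II, shown as the weak rendering pattern beside a hardened one. It assumes the login page writes the "errmsg" request parameter into the HTML response as-is (the advisory does not show the server code); the class, method names and message keys are hypothetical.

```java
import java.util.Map;

// Added example: hypothetical handling of the "errmsg" parameter; not ARISg code.
public class ErrMsgRendering {

    // Weak pattern (assumed): the parameter value is concatenated into the page as-is.
    static String renderUnsafe(String errmsg) {
        return "<div class=\"error\">" + errmsg + "</div>";
    }

    // Minimal encoder for the five HTML-significant characters.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Constructed message catalogue: the request carries a key, never display text.
    static final Map<String, String> MESSAGES = Map.of(
        "E_LOGIN", "Invalid user name or password.",
        "E_EXPIRED", "Your session has expired. Please log in again.");

    // Hardened: unknown keys get a fixed message; output is still encoded.
    static String renderSafe(String errKey) {
        String key = (errKey == null) ? "" : errKey; // immutable maps reject null keys
        return "<div class=\"error\">"
             + escapeHtml(MESSAGES.getOrDefault(key, "An error occurred.")) + "</div>";
    }

    public static void main(String[] args) {
        // Parameter value taken from the advisory's example URL.
        String sample = "Phishing Error Message<script>alert('Malicious XSS Code')</script>";
        System.out.println(renderUnsafe(sample));  // script tag reaches the page
        System.out.println(escapeHtml(sample));    // inert, but attacker's text still displayed
        System.out.println(renderSafe(sample));    // fixed fallback message only
        System.out.println(renderSafe("E_LOGIN")); // known key, catalogue text
    }
}
```

Output encoding alone addresses item 1 of the description; item 2 (attacker-chosen message text) needs the key lookup, because encoded text is still shown to the user.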
