| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4739628F.3000605@isecauditors.com>
Date: Tue, 13 Nov 2007 09:38:39 +0100
From: ISecAuditors Security Advisories <advisories@...cauditors.com>
To: bugtraq@...urityfocus.com
Subject: [ISecAuditors Security Advisories] VTLS.web.gateway cgi is vulnerable
to XSS
=============================================
INTERNET SECURITY AUDITORS ALERT 2006-004
- Original release date: April 18, 2006
- Last revised: November 13, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 1/5
=============================================
I. VULNERABILITY
-------------------------
VTLS.web.gateway cgi is vulnerable to XSS
II. BACKGROUND
-------------------------
vtls.web.gateway cgi is a product from Visionary Technology in Library
Solutions.
VTLS Inc. is a leading global company that creates and provides
visionary technology in library solutions.
The company provide these solutions to a diverse customer base of more
than 900 libraries in over 32 countries.
III. DESCRIPTION
-------------------------
VTLS is vulnerable to a cross site scripting attack, it is possible to
execue html and javascript code in the browser of who cliks in a
malicious crafted link.
Here is a simple proof of concept that change html page as example. An
attacker could intercept the keyboard, or make CSRF to submit a form
of other page.
IV. PROOF OF CONCEPT
-------------------------
http://somevtlsweb.net/cgi-bin/vtls/vtls.web.gateway?authority=1&searchtype=subject%22%3E%3Ch1%3E%3Cmarquee%3EXSS%20bug%3C/marquee%3E%3C/h1%3E%3C!--&kind=ns&conf=080104+++++++
VI. SYSTEMS AFFECTED
-------------------------
All with this solution up to 48.1.0
VII. SOLUTION
-------------------------
Update to Version 48.1.1
VII. SOLUTION
-------------------------
Update to Version 48.1.1
VIII. REFERENCES
-------------------------
www.vtls.com
IX. CREDITS
-------------------------
This vulnerability has been discovered and reported by
Jesus Olmos Gonzalez (jolmos (at) isecauditors (dot) com).
X. REVISION HISTORY
-------------------------
April 18, 2006: Initial release.
November 13, 2007: Last revision.
XI. DISCLOSURE TIMELINE
-------------------------
February 27, 2006: The vulnerability discovered by
Internet Security Auditors.
April 18, 2006: Initial vendor notification sent.
No response
April 26, 2006: Second vendor notification sent.
Ping pong responses.
September 14, 2006: Third vendor notification sent.
No response.
December 01, 2006: Fourth vendor notification sent.
No response.
December 04, 2006: New patch coming.
No schedule.
January 02, 2007: Fifth vendor contact to ask for planning.
No response.
January 22, 2007: Sixth vendor contact to ask for planning.
Scheduled.
March 23, 2007: Seventh vendor contact to ask for planning.
Re-Scheduled.
May 22, 2007: Eigth vendor contact to ask for planning.
Re-Scheduled.
October 01, 2007: Nineth vendor contact to ask for planning.
Patch will be published in October.
November 09, 2007: Tenth. Version 48.1.1 has been approved for
general release and published.
November 13, 2007: Advisory Published.
XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors, S.L. accepts no responsibility for any
damage caused by the use or misuse of this information.
Powered by blists - more mailing lists