Message-Id: <E4773016-06E3-41D9-86BB-F54956313B87@hammerofgod.com>
Date: Wed, 28 Nov 2012 11:40:52 -0800
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: Vulnerability Lab <research@...nerability-lab.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability

On Nov 27, 2012, at 5:52 PM, Vulnerability Lab <research@...nerability-lab.com> wrote:

> Proof of Concept:
> =================
> The software validation vulnerability can be exploited by local attackers with required user interaction and privileged local system account.
> For demonstration or reproduce ...
>
> PoC: Script Code Inject
> "<h1>VL Tester</h1>
> "<iframe src=http://vuln-lab.com>>
> "<iframe src=vuln-lab.com onload=alert("VLab") <>
> "<script>alert(document.cookie)</script><div style="1
>
>
> Solution:
> =========
> The vulnerability can be patched by parsing the search string input field and result output (listing) web context.
>
>
> Risk:
> =====
> The security risk of the remote command execution vulnerability is estimated as high(+).

Given the required user interaction and privileged local system account and other operational dependencies, by what means did you estimate a "high" risk? I guess the basic question would be "how do you even classify this as a risk" in the first place. Do you have some system of calculating risk or is it just a "gut feeling" type classification?

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
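The fix the quoted advisory proposes, "parsing the search string input field and result output (listing) web context", amounts to encoding the search term before it is placed into the result listing's HTML. The following is an added example written for this archive page; it is not code from the thread, from Vulnerability Lab, or from Apple's widget, and the function names (`escapeHtml`, `renderHeadingUnsafe`, `renderHeadingSafe`, `countTags`) and the results-heading markup are assumptions. It reuses the PoC strings quoted above only as test input, and shows the unsafe interpolation beside the encoded version.

```javascript
// Added example (not the advisory's or Apple's code). Function names and the
// heading markup are assumed for illustration.

// Encode the five characters that matter when untrusted text is placed into
// an HTML text or attribute context. '&' must be handled first so that the
// entities produced by the later replacements are not re-encoded.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Unsafe rendering: the search term is interpolated straight into markup, so
// any tags it carries become part of the document (the pattern the advisory
// describes for the result listing).
function renderHeadingUnsafe(term) {
  return `<h2>Results for "${term}"</h2>`;
}

// Safe rendering: identical markup, but the untrusted term is encoded first,
// so it can only ever be displayed as text.
function renderHeadingSafe(term) {
  return `<h2>Results for "${escapeHtml(term)}"</h2>`;
}

// Count tag openers ('<' followed by a letter, '/' or '!') in a rendered
// string. The heading wrapper contributes exactly two; anything beyond that
// came from the search term.
function countTags(html) {
  return (html.match(/<[a-z\/!]/gi) || []).length;
}

// The PoC strings quoted in the thread, reused here as constructed test input.
const POC_STRINGS = [
  '<h1>VL Tester</h1>',
  '<iframe src=http://vuln-lab.com>>',
  '<iframe src=vuln-lab.com onload=alert("VLab") <>',
  '<script>alert(document.cookie)</script><div style="1',
];

// Returns, per PoC string, how many tag openers each rendering produces.
// With encoding applied the count is always 2 (just the <h2> wrapper).
function compareRenderings(terms = POC_STRINGS) {
  return terms.map((term) => ({
    term,
    unsafeTags: countTags(renderHeadingUnsafe(term)),
    safeTags: countTags(renderHeadingSafe(term)),
  }));
}

for (const row of compareRenderings()) {
  console.log(`${row.unsafeTags} tag(s) unsafe, ${row.safeTags} tag(s) safe: ${row.term}`);
}
```

In a DOM context the equivalent of `escapeHtml` is assigning the term to `element.textContent` rather than `innerHTML`; the string-building form is shown here because it is easy to check the output directly.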