lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 03 Dec 2012 15:06:41 +0100
From: Vulnerability Lab <research@...nerability-lab.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple WGT Dictionnaire 1.3 - Script Code
	Inject Vulnerability

Am 01.12.2012 18:33, schrieb Vulnerability Lab:
> Thanks for the response! We are working on a better automatic scoring
> bound to the risk system vector calculation of our db. Its all bound and
> normally a moderator check the content but after a ddos last week we
> missed to checkthe issue again. We are only human and mistakes happen
> can ... thanks.
>
> Update ...
>
> Title:
> ======
> Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability
>
>
> Date:
> =====
> 2012-11-27
>
>
> References:
> ===========
> http://www.vulnerability-lab.com/get_content.php?id=774
>
>
> VL-ID:
> =====
> 774
>
>
> Common Vulnerability Scoring System:
> ====================================
> 1.3
>
>
> Introduction:
> =============
> http://www.apple.com/downloads/dashboard/reference/dictionnaire.html
>
>
> Abstract:
> =========
> The Vulnerability Laboratory Research Team discovered a script code inject vulnerability in Apples (MacOSx) Widget Dictionnaire v1.3 software. 
>
>
> Report-Timeline:
> ================
> 2012-11-27:	Public Disclosure
>
>
> Status:
> ========
> Published
>
>
> Exploitation-Technique:
> =======================
> Local
>
>
> Severity:
> =========
> Low
>
>
> Details:
> ========
> A persistent script code inject vulnerability is detected in the Dictionnaire, Dictionary of the French language based on TLFi (in French), Software. 
> The vulnerability allows a local attacker execute malicious codes to compromise the connected client system in the lan. The command execution 
> vulnerability is located in the search field of the Dictionnaire module. The malicious injected script code will be directly executed out of 
> the result field. Successful exploitation of the vulnerability results in system compromise via script code injections, persistent software 
> context manipulation, external malware loads or malicious external redirects. 
>
> Vulnerable Software Module(s):
> 					[+] Search Box
>
> Vulnerable Software Parameter(s):
> 					[+] Search Field
>
>
> Proof of Concept:
> =================
> The software validation vulnerability can be exploited by local attackers with required user interaction and privileged local system account.
> For demonstration or reproduce ...
>
> PoC: Script Code Inject
> "<h1>VL Tester</h1>
> “<iframe src=http://vuln-lab.com>>
> "<iframe src=vuln-lab.com onload=alert("VLab") <>
> "<script>alert(document.cookie)</script><div style="1
>
>
> Solution:
> =========
> The vulnerability can be patched by parsing the search string input field and result output (listing) web context.
>
>
> Risk:
> =====
> The security risk of the remote command execution vulnerability is estimated as low.
>
>
> Credits:
> ========
> Vulnerability Laboratory [Research Team] - Ibrahim El-Sayed (the_storm) [storm@...nerability-lab.com] [iel-sayed.blogspot.com]
>
>
>
> Disclaimer:
> ===========
> The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, 
> either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business 
> profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some 
> states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation 
> may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases 
> or trade with fraud/stolen material.
>
> Domains:    www.vulnerability-lab.com   	- www.vuln-lab.com			       - www.vulnerability-lab.com/register
> Contact:    admin@...nerability-lab.com 	- support@...nerability-lab.com 	       - research@...nerability-lab.com
> Section:    video.vulnerability-lab.com 	- forum.vulnerability-lab.com 		       - news.vulnerability-lab.com
> Social:	    twitter.com/#!/vuln_lab 		- facebook.com/VulnerabilityLab 	       - youtube.com/user/vulnerability0lab
> Feeds:	    vulnerability-lab.com/rss/rss.php	- vulnerability-lab.com/rss/rss_upcoming.php   - vulnerability-lab.com/rss/rss_news.php
>
> Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. 
> Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other 
> media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and 
> other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), 
> modify, use or edit our material contact (admin@...nerability-lab.com or support@...nerability-lab.com) to get a permission.
>
>     				   	Copyright © 2012 | Vulnerability Laboratory
>


-- 
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@...nerability-lab.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists