lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 10 Mar 2013 21:49:25 +0100
From: ISecAuditors Security Advisories <advisories@...cauditors.com>
To: bugs@...uritytracker.com, news@...uriteam.com, 
 full-disclosure@...ts.grok.org.uk, vuln@...unia.com, 
 packet@...ketstormsecurity.org, bugtraq@...urityfocus.com
Cc: advisories@...cauditors.com
Subject: [ISecAuditors Security Advisories] Reflected XSS
 in Asteriskguru Queue Statistics

=============================================
INTERNET SECURITY AUDITORS ALERT 2013-002
- Original release date: January 22nd, 2013
- Last revised:  March 10th, 2013
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Reflected XSS in Asteriskguru Queue Statistics.

II. BACKGROUND
-------------------------
The Asteriskguru Queue Statistics, is a PHP based program, which gives
anyone who uses queues or CDRs overview in Asterisk a deep insight in
the quality of the service which is delivered to their customers. It
is fully developed by the Asteriskguru developers.

III. DESCRIPTION
-------------------------
Has been detected a reflected XSS vulnerability in Asteriskguru Queue
Statistics , that allows the execution of arbitrary HTML/script code
to be executed in the context of the victim user's browser.

The code injection is done through the parameter warning in the page
error.php.

IV. PROOF OF CONCEPT
-------------------------
Malicious Request:
http://vulnerablesite.com/public/error.php?warning=<XSS injection>

Example:
http://vulnerablesite.com/public/error.php?warning=<script>alert("XSS")</script>

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, this can leverage to steal sensitive information as
user credentials, personal data, etc.

VI. SYSTEMS AFFECTED
-------------------------
All Versions of Asteriskguru Queue Statistics.

VII. SOLUTION
-------------------------
All data received by the application and can be modified by the user,
before making any kind of transaction with them must be validated.

VIII. REFERENCES
-------------------------
http://www.asteriskguru.com/tools/queue_stats.php
http://www.isecauditors.com

IX. CREDITS
-------------------------
This vulnerability has been discovered
by Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com).

X. REVISION HISTORY
------------------------
January   22, 2013: Initial release

XI. DISCLOSURE TIMELINE
-------------------------
January 22, 2013:   Vulnerability acquired by
                    Internet Security Auditors (www.isecauditors.com)
January - February: Attempts to contact someone managing
                    the project without answer.
March   10, 2013:   Send to lists.

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.

XIII. ABOUT
-------------------------
Internet Security Auditors is a Spain based leader in web application
testing, network security, penetration testing, security compliance
implementation and assessing. Our clients include some of the largest
companies in areas such as finance, telecommunications, insurance,
ITC, etc. We are vendor independent provider with a deep expertise
since 2001. Our efforts in R&D include vulnerability research, open
security project collaboration and whitepapers, presentations and
security events participation and promotion. For further information
regarding our security services, contact us.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ