Message-ID: <CAOmMdVtKRiPB9AN1_XhjUFr36f+RK8qwYu4TNiom_SxNX0FybQ@mail.gmail.com>
Date: Sat, 15 Mar 2014 08:42:34 -0300
From: William Costa <william.costa@...il.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Reflected XSS Attacks XSS vulnerabilities in
	Webmin 1.670 (CVE-2014-0339)

I. VULNERABILITY

-------------------------

Reflected XSS vulnerability in Webmin 1.670

II. BACKGROUND

-------------------------

Webmin is a web-based interface for system administration for Unix.
Using any modern web browser, you can set up user accounts, Apache,
DNS, file sharing and much more. Webmin removes the need to manually
edit Unix configuration files like /etc/passwd, and lets you manage a
system from the console or remotely. See the standard modules page for
a list of all the functions built into Webmin, or check out the
screenshots.




III. DESCRIPTION

-------------------------

A reflected XSS vulnerability has been detected in the log page of
Webmin 1.670. It allows arbitrary HTML/script code to be executed in
the context of the victim user's browser.
The code is injected through the "search" parameter of the page
https://IP:10000/webminlog/view.cgi?id=1&search=



IV. PROOF OF CONCEPT

-------------------------

https://192.168.49.132:10000/webminlog/view.cgi?id=1&search=e"><script>alert(document.cookie);</script>



V. BUSINESS IMPACT

-------------------------

An attacker can execute arbitrary HTML or script code in a targeted
user's browser; this can be leveraged to steal sensitive information
such as user credentials, personal data, etc.





VI. SYSTEMS AFFECTED

-------------------------



Webmin version 1.670 installed on Debian





VII. SOLUTION

-------------------------

All data that the application receives and that the user can modify
must be validated before any kind of transaction is made with it.

VIII. REFERENCES

-------------------------

http://www.kb.cert.org/vuls/id/381692
http://www.webmin.com/changes.html
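
The following is an added example, not part of the original advisory and not Webmin's own code: it shows the reflection pattern that the proof-of-concept value in section IV relies on, next to the same output with the "search" value HTML-encoded at the point where it is written into the page. The function names and the form markup are hypothetical; only the parameter name and the test value come from the advisory.

```perl
#!/usr/bin/perl
# Added example: NOT Webmin's view.cgi. Function names and markup are hypothetical.
use strict;
use warnings;

# Encode the characters that are significant in HTML text and in quoted
# attribute values. '&' must be replaced first so entities are not re-encoded.
sub html_escape_value {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# 'Before': the request parameter is interpolated into the page unchanged.
sub render_unsafe {
    my ($search) = @_;
    return qq{<input type="hidden" name="search" value="$search">};
}

# 'After': identical markup, with the value encoded when it is output.
sub render_safe {
    my ($search) = @_;
    return '<input type="hidden" name="search" value="'
         . html_escape_value($search) . '">';
}

# Value of the "search" parameter taken from the proof of concept above.
my $search = 'e"><script>alert(document.cookie);</script>';

my $unsafe = render_unsafe($search);
my $safe   = render_safe($search);

print "unsafe: $unsafe\n";
print "safe:   $safe\n";

# Self-check: the encoded output must not close the attribute or open a tag.
die "escaping failed\n" if $safe =~ /<script/i or $safe =~ /value="e"/;
print "ok: value stays inside the attribute\n";
```

In the unsafe output the `">` sequence ends the attribute and the tag, so the rest of the value is parsed as markup; in the safe output the whole value remains attribute data.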
