lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAOmMdVs5k3LUyPZQyhOTtJ=vigZROv84kqdGRR5x7tOhzpyStQ@mail.gmail.com>
Date: Thu, 18 Sep 2014 14:16:29 -0300
From: William Costa <william.costa@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3
	(CVE-2014-6413)

I. VULNERABILITY

Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3

II. BACKGROUND
-------------------------
WatchGuard builds affordable, all-in-one network and content security
solutions to provide defense in depth for corporate content, networks
and the businesses they power.

III. DESCRIPTION
-------------------------
Has been detected a Reflected XSS vulnerability in XTM WatchGuard.
The code injection is done through the parameter "poll_name" in the
page “/firewall/policy?pol_name=(HERE XSS)”

IV. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter “poll_name” correctly.
https://10.200.210.100:8080/network/dynamic_dns_config?intf=aaaa<scrip
t>alert(document.cookie)</script>

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, that allows the execution of arbitrary HTML/script
code to be executed in the contex
t of the victim user's browser allowing Cookie Theft/Session
Hijacking, thus enabling full access the box.

VI. SYSTEMS AFFECTED
-------------------------
Tested WatchGuard XTM Version: 11.8.3 (Build 446065)
VII. SOLUTION
-------------------------
All data received by the application and can be modified by the user,
before making any kind of transaction with them must be validated

By William Costa
william.costa@...il.com

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ