| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DB9PR06MB7212818AE38F4D94C49F9EB5F69A2@DB9PR06MB7212.eurprd06.prod.outlook.com> Date: Tue, 10 Sep 2024 12:15:17 +0000 From: RUBEN LOPEZ HERRERA <ruben.lopezherrera@...efonica.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Method Authentication Tested Version(s): 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting (XSS) Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution Date: N/A Public Disclosure: 2024-09-17 CVE Reference: CVE-2024-25282 Overview: 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication. This vulnerability allows remote attackers to hijack the form action and change the destination website via the params parameter, which is base64 encoded and improperly sanitized. Vulnerability Details: The issue arises because the params parameter in the 3DSMethod Authentication is not properly sanitized or validated before being processed. Attackers can inject arbitrary HTML elements into the DOM, modifying the website's appearance or executing malicious code in the victim's browser. Additionally, the integrity of the base64-encoded information is not checked, making it vulnerable to manipulation in a man-in-the-middle attack. Proof of Concept (PoC): By altering the params parameter in the request URL, an attacker can modify base64-encoded values and inject malicious code. For example: https://[REDACTED]/[REDACTED]/rest/online/[REDACTED]/redirect?action=challenge&txn=[REDACTED]¶ms=[REDACTED]" Solution: Currently, no solution is available. Redsys has been notified of the issue, but no patch has been released as of the date of this advisory. References: OWASP Web Security Testing Guide: Reflected Cross-Site Scripting Discoverer: Reported by Rubén López Herrera ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is confidential and privileged information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists