Bug: ZYWALL Referer Header XSS Vulnerability ( Ascii Version )

Search:
WLB2

ZYWALL Referer Header XSS Vulnerability

Published
Credit
Risk
2008.05.14
Deniz Cevik
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2008-2167
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

Affected Software/Device: Zyxel ZYWall 100

Vulnerability: Cross Site Scripting

Risk: Low

Description: The ZyWALL 100 is designed to act as a secure gateway via
xDSL/Cable modems or broadband routers for small to medium size
companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN
capability, MultiNAT, web pages content filtering and an embedded web
configurator for easy configuration and management.

ZyWALL web based management interface utilizes referer header for
serving 404 Error pages. The vulnerability can be exploited by
requesting a non-existing web page with a specially crafted referer
header. As the application does not properly sanitize the data contained
in the referer header, desired script code can be run on client browser.

Sample Request:

GET /blah.htm HTTP/1.1
Host: www.site.com
Referer: blaaaa"><script>alert(12345)</script>aaaah.htm

Deniz CEVIK
www.intellectpro.com.tr

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version