Aris AGX agXchange ESM Open Redirection Vulnerability

2010.03.23
Credit: Lament
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

=========================================
Yaniv Miron aka "Lament" Advisory
March 12, 2010
Aris AGX agXchange ESM Open Redirection Vulnerability
=========================================

=====================
I. BACKGROUND
=====================
E2B safety submissions module.
When it comes to the electronic submission of safety data using the E2B format, meeting the often complicated and complex requirements from different regulatory agencies - EMEA, MHLW, FDA and other NCAs - can be a challenge that consumes vast amounts of time, effort and resources.
http://www.arisglobal.com/products/agxchange_esm.php

=====================
II. DESCRIPTION
=====================
A malicious attacker may redirect users from the agXchange ESM module in the Aris AGX application.

=====================
III. ANALYSIS
=====================
Exploitation of this vulnerability results in the redirection of users using a malicious link.

=====================
IV. EXPLOIT
=====================
http://www.example.com/[agx_application]/pages/ucschcancelproc.jsp?returnpage=http://www.RedirectExample.com

=====================
V. DISCLOSURE TIMELINE
=====================
Jan 2009     Vulnerability found
Jan 2009     Vendor Notification
March 2010   Public Disclosure

=====================
VI. CREDIT
=====================
Yaniv Miron aka "Lament".
lament@ilhack.org
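
Added example (not part of the advisory and not vendor code): one way a JSP application could validate a redirect parameter such as returnpage so that only paths inside the site are accepted. The class name, the fallback page /pages/home.jsp and the sample inputs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public final class ReturnPageValidator {
    // Hypothetical in-application fallback page (assumption, not from the advisory).
    static final String DEFAULT_TARGET = "/pages/home.jsp";

    /** Returns returnPage only if it is a path on this site; otherwise the fallback. */
    static String safeTarget(String returnPage) {
        if (returnPage == null || returnPage.isEmpty()) return DEFAULT_TARGET;
        // Control characters enable header splitting; browsers may read '\' as '/'.
        for (char c : returnPage.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\\') return DEFAULT_TARGET;
        }
        // Only site-rooted paths pass; "//host" is scheme-relative and leaves the site.
        if (!returnPage.startsWith("/") || returnPage.startsWith("//")) return DEFAULT_TARGET;
        try {
            URI u = new URI(returnPage);
            // Defense in depth: a scheme or authority means the value is not local.
            if (u.getScheme() != null || u.getRawAuthority() != null) return DEFAULT_TARGET;
            // normalize() collapses "." and ".." segments before the final checks.
            String path = u.normalize().getRawPath();
            if (path == null || !path.startsWith("/") || path.startsWith("//")
                    || path.startsWith("/..")) return DEFAULT_TARGET;
            String query = u.getRawQuery();
            return query == null ? path : path + "?" + query;
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET; // unparseable input is never redirected to
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the first is the target from the advisory's link.
        String[] samples = {
            "http://www.RedirectExample.com",
            "//www.RedirectExample.com/",
            "/pages/list.jsp?id=7",
            "/pages/../pages/list.jsp"
        };
        for (String s : samples) System.out.println(s + " -> " + safeTarget(s));
    }
}
```

In a JSP or servlet, the returned path would be passed to response.sendRedirect() with request.getContextPath() prepended, in place of the raw parameter value; how ucschcancelproc.jsp itself issues the redirect is not stated in the advisory.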

