========================================= Yaniv Miron aka "Lament" Advisory March 12, 2010 Aris AGX agXchange ESM Open Redirection Vulnerability ========================================= ===================== I. BACKGROUND ===================== E2B safety submissions module. When it comes to the electronic submission of safety data using the E2B format, meeting the often complicated and complex requirements from different regulatory agencies�MEA, MHLW, FDA and other NCAs�an be a challenge that consumes vast amounts of time, effort and resources. http://www.arisglobal.com/products/agxchange_esm.php ===================== II. DESCRIPTION ===================== A malicious attacker may redirect users from the agXchange ESM module in the Aris AGX application. ===================== III. ANALYSIS ===================== Exploitation of this vulnerability results in the redirection of users using a malicious link. ===================== IV. EXPLOIT ===================== http://www.example.com/[agx_application]/pages/ucschcancelproc.jsp?returnpage=http://www.RedirectExample.com ===================== V. DISCLOSURE TIMELINE ===================== Jan 2009 Vulnerability found Jan 2009 Vendor Notification March 2010 Public Disclosure ===================== VI. CREDIT ===================== Yaniv Miron aka "Lament". lament@ilhack.org