ARISg5 (Version 5.0) Cross Site Scripting Vulnerability

2010-06-03 / 2010-06-04
Credit: lament
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

=========================================
Yaniv Miron aka "Lament" Advisory Feb 24, 2010
ARISg5 (Version 5.0) Cross Site Scripting Vulnerability
=========================================

==========================================================================================
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron aka "Lament"
Exploit: http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message<script>alert('Malicious XSS Code')</script>

Yaniv Miron aka "Lament".
lament (at) ilhack (dot) org
==========================================================================================

=====================
I. BACKGROUND
=====================
ARISg - Adverse Drug Event Reporting pharmacovigilance and safety

ARISg is the world's leading pharmacovigilance and clinical safety system for good reason, with more than 300 life-sciences companies maintaining their critical safety data in ARISg worldwide.

http://www.arisglobal.com/products/arisg.php

=====================
II. DESCRIPTION
=====================
1. A malicious attacker may inject scripts into the "errmsg" parameter in the ARISg5 (Version 5.0) application.
2. A malicious attacker may inject his own error message using the "errmsg" parameter and create a phishing attack using the ARISg5 (Version 5.0) application.

=====================
III. ANALYSIS
=====================
1. Exploitation of this vulnerability results in the execution of arbitrary code using a malicious link.
2. Exploitation of this vulnerability results in creation of a phishing page using the original ARISg5 (Version 5.0) application error page.

=====================
IV. EXPLOIT
=====================
http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message<script>alert('Malicious XSS Code')</script>

=====================
V. DISCLOSURE TIMELINE
=====================
Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
Feb 2010 Vendor Notification (Before Disclosure)
Feb 2010 Public Disclosure

=====================
VI. CREDIT
=====================
Yaniv Miron aka "Lament".
lament (at) ilhack (dot) org
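Both issues in the description come from the login page echoing the "errmsg" request parameter as message text. The Java below is an added example, not code from the advisory or from ARISg: it shows a login-page helper that accepts only a short error code, looks up a server-owned message, and HTML-encodes what it renders. The class name, the error codes and the message texts are assumptions made for illustration.

```java
import java.util.Map;

// Added example: hypothetical login-page helper, not ARISg code.
public class LoginErrorMessage {
    // Server-owned messages; the request carries only a short code (codes are assumptions).
    private static final Map<String, String> MESSAGES = Map.of(
        "badcred", "Invalid user name or password.",
        "locked", "Account locked. Contact your administrator.",
        "expired", "Session expired. Please log in again.");
    private static final String FALLBACK = "Login failed.";

    /** Map the request parameter to a fixed message; the raw value is never echoed. */
    public static String resolve(String errParam) {
        if (errParam == null) return "";
        return MESSAGES.getOrDefault(errParam, FALLBACK);
    }

    /** HTML-encode text for element content or a quoted attribute value. */
    public static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Markup the page would emit for the error banner (empty when no error). */
    public static String render(String errParam) {
        String msg = resolve(errParam);
        return msg.isEmpty() ? "" : "<p class=\"error\">" + escapeHtml(msg) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed inputs: a known code, then the parameter value shown in the advisory.
        String[] samples = {"badcred",
            "Phishing Error Message<script>alert('Malicious XSS Code')</script>"};
        for (String s : samples) {
            System.out.println("lookup + encode: " + render(s));
            // Encoding alone neutralizes the script but still displays attacker-chosen text.
            System.out.println("encode only:     <p class=\"error\">" + escapeHtml(s) + "</p>");
        }
    }
}
```

The "encode only" line shows why output encoding by itself addresses item 1 of the description but not item 2: the injected wording still appears on the genuine login page, whereas the lookup replaces it with the fallback message.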

References:

http://www.securityfocus.com/bid/38441
http://www.securityfocus.com/archive/1/archive/1/509770/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/509758/100/0/threaded
http://secunia.com/advisories/38793
http://packetstormsecurity.org/1002-exploits/arisg5-xss.txt
http://osvdb.org/62665


Copyright 2024, cxsecurity.com

 
