Adiscan LogAnalyzer 3.4.3 Cross Site Scripting

2012-06-22 / 2012-08-08
Credit: Sooraj K.S SecPod Technologies
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2012-3790
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

############################################################################## # # Title : Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability # Author : Sooraj K.S SecPod Technologies (www.secpod.com) # Vendor : http://loganalyzer.adiscon.com/ # Advisory : http://secpod.org/blog/?p=504 # : http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt # Software : LogAnalyzer 3.4.3 # Date : 30/05/2012 # ############################################################################### SecPod ID: 1041 30/05/2012 Issue Discovered 19/06/2012 Vendor Notified 19/06/2012 Vendor Acknowledge 20/06/2012 Issue Resolved Class: Cross-Site Scripting Severity: Medium Overview: --------- Adiscon LogAnalyzer is prone to cross-site scripting vulnerability. Technical Description: ---------------------- Adiscon LogAnalyzer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Input passed via the 'highlight' parameter in index.php is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks. The vulnerability has been tested in LogAnalyzer 3.4.3. Other versions may also be affected. Impact: -------- Successful exploitation allows an attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. Affected Software: ------------------ LogAnalyzer 3.4.3 and prior. Reference: --------- http://secpod.org/blog/?p=504 http://loganalyzer.adiscon.com http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter Proof of Concept: ----------------- http://www.example.com/?search=Search&highlight="<script>alert(document.cookie)</script> Solution: ---------- Update LogAnalyzer to version 3.4.4 or higher. Risk Factor: ------------- CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = MEDIUM AUTHENTICATION = NONE CONFIDENTIALITY_IMPACT = NONE INTEGRITY_IMPACT = PARTIAL AVAILABILITY_IMPACT = NONE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) Credits: -------- Sooraj K.S of SecPod Technologies has been credited with the discovery of this vulnerability.

References:

http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top