Symantec Web Gateway 5.1.1.24 Cross Site Scripting

2014.02.11
Credit: William Costa
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in Symantec WEB Gateway 5.1.1.24 II. BACKGROUND ------------------------- Symantec Corporation is an American computer security, backup and availability solutions software corporation headquartered in Mountain View, California, United States. It is a Fortune 500 company and a member of the S&P 500 stock market index III. DESCRIPTION ------------------------- Has been detected a Reflected XSS vulnerability in Symantec Web Gateway. The code injection is done through the parameter "operand[]" in the page "/spywall/blacklist.php?variable[]=&operator[]=&operand[]=" IV. PROOF OF CONCEPT ------------------------- The application does not validate the parameter "operand[]" correctly. https://10.200.210.144/spywall/blacklist.php?variable[]=&operator[]=&operand[]=jjjj'><script>alert(document.cookie);</script> V. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user's browser, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser allowing Cookie Theft/Session Hijacking, thus enabling full access the box. VI. SYSTEMS AFFECTED ------------------------- Tested Symantec Web Gateway Version: 5.1.1.24 VII. SOLUTION ------------------------- All data received by the application and can be modified by the user, before making any kind of transaction with them must be validated http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00 By William Costa william.costa@gmail.com

References:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top