I. VULNERABILITY
-------------------------
Reflected XSS Attacks vulnerabilities in Symantec WEB Gateway 5.1.1.24
II. BACKGROUND
-------------------------
Symantec Corporation is an American computer security, backup and
availability solutions software corporation headquartered in Mountain
View, California, United States. It is a Fortune 500 company and a
member of the S&P 500 stock market index
III. DESCRIPTION
-------------------------
Has been detected a Reflected XSS vulnerability in Symantec Web Gateway.
The code injection is done through the parameter "operand[]" in the
page "/spywall/blacklist.php?variable[]=&operator[]=&operand[]="
IV. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter "operand[]" correctly.
https://10.200.210.144/spywall/blacklist.php?variable[]=&operator[]=&operand[]=jjjj'><script>alert(document.cookie);</script>
V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, that allows the execution of arbitrary HTML/script
code to be executed in the context of the victim user's browser
allowing Cookie Theft/Session Hijacking, thus enabling full access the
box.
VI. SYSTEMS AFFECTED
-------------------------
Tested Symantec Web Gateway Version: 5.1.1.24
VII. SOLUTION
-------------------------
All data received by the application and can be modified by the user,
before making any kind of transaction with them must be validated
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00
By William Costa
william.costa@gmail.com