I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in Symantec WEB Gateway 5.1.1.24 II. BACKGROUND ------------------------- Symantec Corporation is an American computer security, backup and availability solutions software corporation headquartered in Mountain View, California, United States. It is a Fortune 500 company and a member of the S&P 500 stock market index III. DESCRIPTION ------------------------- Has been detected a Reflected XSS vulnerability in Symantec Web Gateway. The code injection is done through the parameter "operand[]" in the page "/spywall/blacklist.php?variable[]=&operator[]=&operand[]=" IV. PROOF OF CONCEPT ------------------------- The application does not validate the parameter "operand[]" correctly. https://10.200.210.144/spywall/blacklist.php?variable[]=&operator[]=&operand[]=jjjj'><script>alert(document.cookie);</script> V. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user's browser, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser allowing Cookie Theft/Session Hijacking, thus enabling full access the box. VI. SYSTEMS AFFECTED ------------------------- Tested Symantec Web Gateway Version: 5.1.1.24 VII. SOLUTION ------------------------- All data received by the application and can be modified by the user, before making any kind of transaction with them must be validated http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00 By William Costa william.costa@gmail.com