Advisory ID: OS001
Product: ASPmyAdmin
Created by: Sukalyan Chakraborty
Vulnerable Version(s): NA
Tested Version: NA
Vulnerability Type: Reflected Cross-Site Scripting [CWE-712]
Public Disclosure: October 10, 2012
Vendor status: Notified
CVSS Base Score: 5.8
CVSS Temporal Score: 5.8
CVSS Environmental Score: 7.5
Researcher: Alfredo García, Senior Security Consultant @ Open-sec ( http://www.open-sec.com/ )
Advisory Details:
Alfredo García, Senior Security Consultant at Open-Sec, discovered a vulnerability in ASPmyAdmin that can be exploited to perform multiple Cross-Site Scripting (XSS) and arbitrary HTML injection attacks.
Vulnerability Description: Multiple Cross-Site Scripting (XSS) in ASPmyAdmin:
ASPMyAdmin includes ASP scripts that fail to adequately sanitize output strings coming from user-supplied input. By leveraging this issue, an attacker may be able to inject arbitrary HTML and JavaScript code to be executed in a user's browser within the security context of the affected victim.
At least the following scripts are vulnerable through the dbName parameter passed via GET:
db_info.asp
db_table.asp
db_view.asp
db_procedure.asp
db_sql.asp
db_drop.asp
Examples of URLs that exploit this vulnerability are:
http://www.host.com/db_table.asp?dbName=<script>alert(document.cookie)</script>
http://www.host.com/db_procedure.asp?dbName=<script>window.alert('Open-Sec')</script>
Impact: Victims are exposed to unwanted content, modified content, redirection to other sites and/or content, theft of the user's session cookies, browser-based attacks, etc.
Solution:
To fix this kind of vulnerability (XSS), you could deploy a web application firewall, but the actual fix is to validate all output strings: check that the type, length and format of the output are the expected ones. For more information on prevention, visit: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
Also, check out the following link to implement web application security based on ESAPI:
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
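The following classic ASP (VBScript) sketch is an added example, not code from ASPmyAdmin or from the advisory's author. It shows the type, length and format check described above applied to the dbName parameter, followed by encoding at the point of output. The function names and the allowed name format (letters, digits and underscore, 1 to 64 characters) are assumptions.

```vbscript
<%
' Added example: not ASPmyAdmin's code. IsValidDbName, H and the allowed
' dbName format are assumptions made for illustration.

' Check type, length and format with one anchored allow-list pattern.
Function IsValidDbName(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_]{1,64}$"
    IsValidDbName = re.Test(value)
End Function

' Encode when writing into HTML. Server.HTMLEncode converts < > & and "
' to entities; it does not convert ', so attribute values that use H()
' must be wrapped in double quotes.
Function H(value)
    H = Server.HTMLEncode(CStr(value & ""))
End Function

Dim dbName
dbName = Request.QueryString("dbName") & ""   ' coerce the item to a string

If Not IsValidDbName(dbName) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid database name."    ' never echo the rejected value
    Response.End
End If

' Weak pattern (hypothetical), reflecting the raw parameter:
'   Response.Write "<h2>Database: " & dbName & "</h2>"
' Hardened output below: HTML context uses H(), URL context uses URLEncode.
%>
<h2>Database: <%= H(dbName) %></h2>
<a href="db_table.asp?dbName=<%= Server.URLEncode(dbName) %>">Tables</a>
```

Both checks are kept on purpose: the allow-list rejects unexpected input early, and the encoding keeps the page safe if the allowed format is later widened.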
Contact Information : For additional details, feel free to contact Alfredo Garcia at agarcia@open-sec.com
About Open-Sec:
Open-Sec is a Perú-based company focused on penetration testing and security incident investigation services. With customers in Perú, Ecuador, Panamá and Honduras, Open-Sec provides consulting services through a team of certified and experienced consultants.
Disclaimer:
The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible.