Full Disclosure mailing list archives
Re: Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Wed, 28 Nov 2012 11:40:52 -0800
On Nov 27, 2012, at 5:52 PM, Vulnerability Lab <research () vulnerability-lab com> wrote:
Proof of Concept: ================= The software validation vulnerability can be exploited by local attackers with required user interaction and privileged local system account. For demonstration or reproduce ... PoC: Script Code Inject "<h1>VL Tester</h1> “<iframe src=http://vuln-lab.com>> "<iframe src=vuln-lab.com onload=alert("VLab") <> "<script>alert(document.cookie)</script><div style="1 Solution: ========= The vulnerability can be patched by parsing the search string input field and result output (listing) web context. Risk: ===== The security risk of the remote command execution vulnerability is estimated as high(+).
Given the required user interaction and privileged local system account and other operational dependancies, by what means did you estimate a "high" risk? I guess the basic question would be "how do you even classify this as a risk" in the first place. Do you have some system of calculating risk or is it just a "gut feeling" type classification? t _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability Vulnerability Lab (Nov 28)
- Re: Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability Thor (Hammer of God) (Nov 28)