Full Disclosure mailing list archives
Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3 (CVE-2014-6413)
From: William Costa <william.costa () gmail com>
Date: Thu, 18 Sep 2014 14:16:29 -0300
I. VULNERABILITY
-------------------------
Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3

II. BACKGROUND
-------------------------
WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the businesses they power.

III. DESCRIPTION
-------------------------
A reflected XSS vulnerability has been detected in XTM WatchGuard. The code injection is done through the parameter "poll_name" in the page "/firewall/policy?pol_name=(HERE XSS)".

IV. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter "poll_name" correctly.

https://10.200.210.100:8080/network/dynamic_dns_config?intf=aaaa<script>alert(document.cookie)</script>

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in the context of a targeted user's browser, allowing cookie theft/session hijacking and thus enabling full access to the box.

VI. SYSTEMS AFFECTED
-------------------------
Tested WatchGuard XTM Version: 11.8.3 (Build 446065)

VII. SOLUTION
-------------------------
All data that is received by the application and can be modified by the user must be validated before any kind of transaction is made with it.

By William Costa
william.costa () gmail com

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
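The validation called for under SOLUTION, shown beside the unvalidated reflection the advisory reports, as an added example that is not part of the original post and is not WatchGuard code. The function names, the page template, the placeholder host and the interface-name pattern are assumptions made for illustration.

```javascript
// Added illustration: hypothetical handler code, not taken from the product.

// Constructed sample request: path and parameter value as in the advisory,
// host replaced with a placeholder.
const SAMPLE_URL =
  "https://device.example:8080/network/dynamic_dns_config?intf=aaaa<script>alert(document.cookie)</script>";

// Assumed allowlist: an interface name is a short alphanumeric token.
const INTF_PATTERN = /^[A-Za-z0-9_.-]{1,32}$/;

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Extract the decoded "intf" query parameter from a request URL.
function intfFromUrl(requestUrl) {
  return new URL(requestUrl).searchParams.get("intf") ?? "";
}

// Before: the parameter is copied into the markup verbatim, so any markup
// it carries becomes part of the page.
function renderUnsafe(intf) {
  return `<h1>Dynamic DNS for ${intf}</h1>`;
}

// After: reject values outside the allowlist, and still encode on output so
// a later loosening of the pattern cannot reintroduce the reflection.
function renderSafe(intf) {
  if (!INTF_PATTERN.test(intf)) {
    return { status: 400, body: "<h1>Invalid interface</h1>" };
  }
  return { status: 200, body: `<h1>Dynamic DNS for ${escapeHtml(intf)}</h1>` };
}

// Defense in depth for the cookie-theft impact: HttpOnly keeps the session
// cookie out of reach of document.cookie.
function sessionCookie(name, value) {
  return `${name}=${value}; Path=/; Secure; HttpOnly; SameSite=Strict`;
}
```

Input validation and output encoding are applied together here; either one alone stops this particular value, but encoding at the point of output is what holds when a parameter legitimately needs a wider character set.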