Full Disclosure mailing list archives
Re: Cisco ASA VPN - Zero Day Exploit
From: Joey Maresca <jmaresca () gmail com>
Date: Mon, 22 Feb 2016 08:19:24 -0600
According to Cisco it is CVE-2014-2120, which indicates that much like the code sort of gave away, it is a bad attempt by a 1337 hax0r to push their crappy 'exploitpack.com' instead of you know, finding anything useful. Indeed it is a damn XSS with minimal utility. The crappy code is just the icing on the cake that only tastes better when you realize he is over a year late on his '0-Day'. In fact, his code is so crappy it will pop on any box because he is searching for his name, which would be returned no matter what, because the username field gets populated on the password reset page as a hidden variable. Furthermore, searching for the name is pointless because it doesn't determine if the script is actually santized, which it will be on any patches system (patched WAY before this 'exploit') because if you actually print the server response, you'll see how they handled the username to prevent the script from being executed. On Mon, Feb 22, 2016 at 4:34 AM, Daniel Hadfield <dan () pingsweep co uk> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Is there a CVE ID for this? Also what firmware does this effect? I tested this and the input gets HTML encoded so is nulled. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWyuREAAoJEFrCzlP2l9LQ5NAQAI5inAIprg6bkdqN6lvboHUA Unhp+Kdpg3q71WlHqFYLxFMQ5OnUDSKMkR4Gn3j0FBQn4oYCPIUjp7BHw01FDnXg I1Eyg8F9KHSYuQkFmijTDuNL0SRJ1JsRbtAaIhTCXvM5jB9FQfgvbXwPoKALEH9W S54fnPAmsCyNd6+y1To8wt2JDW+ZomLQEApSL8zwgU37qJVtv0y+kOc46jgADJwq TixhBBXw0GJen9gVWWQEDhK7zncft96PODbjgIdMb2lL+164G/AAj4VopmqPzNIb EUrvPgB9lUkSQFxbZI4GooEdNbt6UKgyQRbGcftkNF0wrs59fdkRn8+bRiQyJcJu /xLX+sOXphe4Dhjj05n6Ejsy5jugLAhMoRkBdxJlJHODjx4Uk8kt84Xh3sQyRo5o se5vGxXOEn+rlxteHWQEb6KwskSeyBcZXMUi+UK++UOr2IvigMjfWQ5B0CWo7Ws+ GTH8lI82gxkM2M3o+NVxxRPP23KfiBmWkhxYm2bosD+Y6qrv4M5cfEEwI/BK3O7d YRInIEEGDrZKXlrr8gArVJVIDXrslCW5USH6ypHdxEelYv5PLdOy1W617gPGxVlx /x96gE2404N4tvTH8rb9UUFWf+E8lT8sgtyivK9rtwMAQr2yG5FM1SOsS3V2iO7/ /PPfXGv3BCclSfI63O7q =UjVE -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Cisco ASA VPN - Zero Day Exploit Juan Sacco (Feb 18)
- Re: Cisco ASA VPN - Zero Day Exploit Joey Maresca (Feb 22)
- Re: Cisco ASA VPN - Zero Day Exploit Mark-David McLaughlin (marmclau) (Feb 22)
- Re: Cisco ASA VPN - Zero Day Exploit Daniel Hadfield (Feb 22)
- Re: Cisco ASA VPN - Zero Day Exploit Joey Maresca (Feb 25)