Title: Cross-Site Scripting Vulnerability on Ipanema Ip|Reporter web v7.1
Release date: 22/04/2013
Last update: 30/08/2013
Credits: Cersosimo Fiorenzo (Emaze Networks S.p.A.)
Vulnerability Information
Class: Input Validation Vulnerability, Cross-site Scripting
CVE: 2013-3296
Affected Software
We confirm the presence of the security vulnerability on the following product version:
- Ip|Reporter Web v7.1
Ip|Reporter Web can be exploited to disclose the user’s session cookie, allowing an attacker to hijack the user session and take over the account. The vulnerability is in the page help.jsp, in the displetid parameter.
A proof of concept of the Reflected Cross-Site Scripting follows:
- https://[host]/salsa/ipreporter_portal/[domain]/portal/help.jsp?rubricId=15;&displetid=164;%22%3C/script%3E%3Cscript%3Ealert%28123%29%3C/script%3E&parentid=150
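One way to look for attempts against this parameter in web server access logs, as an added example that is not part of the original advisory or of the vendor's patch: it flags requests to help.jsp whose displetid value, once percent-decoded, contains characters able to break out of the reflected context. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: combined-format access log with the request line in double quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value close a string, attribute or script block.
BREAKOUT_RE = re.compile(r'[<>"\']')

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C) so double-encoded input is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_displetid(log_line):
    """Return the decoded displetid sent to help.jsp if it carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/help.jsp"):
        return None
    # Split on '&' only: the value in the advisory's PoC contains ';'.
    for pair in url.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote(name).lower() == "displetid":
            value = decode_fully(raw)
            if BREAKOUT_RE.search(value):
                return value
    return None

def scan(lines):
    """Return (line number, decoded value) for every flagged request."""
    hits = ((n, suspicious_displetid(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]

# Constructed sample log lines (addresses and the "example" path segment are made up).
PREFIX = '192.0.2.10 - - [06/Sep/2013:10:00:00 +0000] "GET /salsa/ipreporter_portal/example/portal/'
SAMPLE_LOG = [
    PREFIX + 'help.jsp?rubricId=15&displetid=164&parentid=150 HTTP/1.1" 200 5120',
    PREFIX + 'help.jsp?rubricId=15;&displetid=164;%22%3C/script%3E%3Cscript%3Ealert%28123%29'
             '%3C/script%3E&parentid=150 HTTP/1.1" 200 5300',
    PREFIX + 'help.jsp?rubricId=15&displetid=164%253Cb%253E&parentid=150 HTTP/1.1" 200 5130',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: displetid={value!r}")
```

The third sample line is double-encoded, which is why the value is decoded repeatedly before matching.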
Remediation
Patch is available on the support web site.
Report Timeline
22/04/2013 - Vulnerability found.
23/04/2013 - Author sends a detailed email describing the vulnerability to the customer.
23/04/2013 - Customer sends the detail to the Vendor.
29/04/2013 - Vendor opens a ticket to the supplier of the specific component.
17/06/2013 - Author sends an email to ask for an update.
18/07/2013 - Vendor replies that the patch has been released.
30/08/2013 - Author notifies the intention to disclose.
06/09/2013 - Disclosure.
Copyright
Copyright (c) Emaze Networks S.p.A. 2013, All rights reserved worldwide. Permission is hereby granted to redistribute this advisory, providing that no changes are made and that the copyright notices and disclaimers remain intact.
Disclaimer
Emaze Networks S.p.A. is not responsible for the misuse of the information provided in our security advisories. These advisories are a service to the professional security community.
There are NO WARRANTIES with regard to this information. Any application or distribution of this information constitutes acceptance AS IS, at the user's own risk. This information is subject to change without notice.