List: full-disclosure
Subject: [Full-disclosure] C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability
From: Research <research () vulnerability-lab ! com>
Date: 2012-04-29 3:50:54
Message-ID: 4F9CBA9E.2080800 () vulnerability-lab ! com
Title:
======
C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability
Date:
=====
2012-04-24
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=484
VL-ID:
=====
484
Introduction:
=============
XPhone Unified Communications 2011 is C4B's most powerful telephony and communications solution. It is easy to use and improves workflows in companies. The solution integrates seamlessly into existing applications and uses the existing telephone system and IT infrastructure. A wide range of communication channels such as telephone, mobile phone, fax, voicemail, SMS and instant messaging are unified and combined with presence information. The software provides powerful telephony functions in practically all applications, e.g. Microsoft Outlook, Lotus Notes, enterprise resource planning (ERP) systems, customer databases (CRM) or the web browser. Linking telephone events to specific actions, e.g. starting applications, automatically generating letters or faxes and much more, noticeably improves workflows in companies.
(Copy of the Vendor Homepage: http://www.c4b.de )
Abstract:
=========
A Vulnerability Laboratory Researcher discovered a persistent Cross-Site Scripting vulnerability in C4B XPhone UC Web v4.1.890SR1.
Report-Timeline:
================
2012-04-24: Public or Non-Public Disclosure
Status:
========
Published
Affected Products:
==================
C4B
Product: XPhone UC Web v4.1.890SR1
Exploitation-Technique:
=======================
Remote
Severity:
=========
Medium
Details:
========
A persistent Cross-Site Scripting vulnerability has been detected in C4B XPhone UC Web v4.1.890SR1 and earlier versions. The bug allows an attacker to inject arbitrary script code on the application side (persistent), for example through a connected groupware application such as Microsoft Outlook or IBM Lotus Notes: the attacker edits a field of his own contact record (the Company Name), and the web application later renders that field unescaped. The injected script code is executed for every client that views the details of the manipulated user in the web application. Successful exploitation of the vulnerability can therefore lead to session hijacking or stable (persistent) context manipulation.
Vulnerable Module(s):
[+] Work => Home/Work => Company Name (Input)
[+] Contact Phone Listing => Company Name Display Conversation (Output)
Picture(s):
../1.png
../2.png
Proof of Concept:
=================
The vulnerability can be exploited by a remote attacker who is able to change his own groupware details in order to inject arbitrary code, as shown in the screenshots, which results in a persistent context manipulation ...
File: Client.aspx
<div id="XPhoneMCDivSearchDetails" style="display: block;" class="ai2" title="Anwesend (Bis auf Weiteres)" userguid="7c9064ab-d6ce-XXXX-XXXX-XXXXXXXXXXXX"> <strong>Julien Ahrens</strong>
<br>Vulnerability-Lab<br><iframe src="http://www.vulnerability-lab.com/index.php"></iframe>
</div>

<div id="XPhoneMCDivSearchDetails" style="display: block; " class="ai2" title="Anwesend (Bis auf Weiteres)" userguid="7c9064ab-d6ce-XXXX-XXXX-XXXXXXXXXXXX"> <strong>Julien Ahrens</strong><br> <a href="www.vulnerability-lab.com" onclick="javascript:alert(document.cookie)">Vulnerability-Lab</a> </div>
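The Details and Proof of Concept sections above describe the same flaw from both ends: a groupware field (Company Name) is written into the search-details markup without encoding. The following is an added example, not C4B's code and not part of the original advisory; it rebuilds the rendering step with the markup quoted above as a constructed sample record, shows the hardened version that HTML-encodes the field, and adds a simple check a defender could run over stored contact fields. The function names (renderSearchDetailsVulnerable, renderSearchDetailsSafe, escapeHtml, fieldLooksLikeMarkup) are assumptions.

```javascript
// Added example (not the vendor's code). Constructed sample record whose
// Company Name carries the markup quoted in the advisory's Proof of Concept.
const contact = {
  name: "Julien Ahrens",
  company: '<iframe src="http://www.vulnerability-lab.com/index.php"></iframe>',
  userguid: "7c9064ab-d6ce-XXXX-XXXX-XXXXXXXXXXXX", // masked as in the advisory
};

// Vulnerable pattern (what the advisory describes): stored field values are
// concatenated straight into the search-details HTML, so markup in a field
// becomes markup in every viewer's page.
function renderSearchDetailsVulnerable(c) {
  return `<div id="XPhoneMCDivSearchDetails" class="ai2" userguid="${c.userguid}">` +
    `<strong>${c.name}</strong><br>${c.company}</div>`;
}

// Mitigation: encode every untrusted value for the HTML context it lands in.
// The five characters below are the ones that can change HTML structure
// in element content and in double-quoted attribute values.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened rendering: same layout, but each field is encoded on output.
function renderSearchDetailsSafe(c) {
  return `<div id="XPhoneMCDivSearchDetails" class="ai2" userguid="${escapeHtml(c.userguid)}">` +
    `<strong>${escapeHtml(c.name)}</strong><br>${escapeHtml(c.company)}</div>`;
}

// Detection aid for defenders: a directory field such as a company name has
// no reason to contain a tag, an on*= handler attribute or a javascript: URL.
// Running this over synced contact records flags entries worth inspecting.
function fieldLooksLikeMarkup(value) {
  return /<\s*[a-z!\/]|\bon[a-z]+\s*=|javascript:/i.test(String(value));
}

// Stand-alone demonstration: the vulnerable output still contains a live
// <iframe>, the hardened output contains only the encoded text.
console.log(renderSearchDetailsVulnerable(contact));
console.log(renderSearchDetailsSafe(contact));
console.log("flagged:", fieldLooksLikeMarkup(contact.company));
```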
Risk:
=====
The security risk of the persistent cross site scripting vulnerability is estimated as medium.
Credits:
========
Vulnerability Research Laboratory - Julien Ahrens (MrTuxracer) [www.inshell.net]
Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partial usage, of this file requires authorization from Vulnerability-Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers.
Copyright © 2012 Vulnerability-Lab
--
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: research@vulnerability-lab.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/