'[Full-disclosure] Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability
From:       Vulnerability Lab <research () vulnerability-lab ! com>
Date:       2012-12-27 19:08:39
Message-ID: 50DC9CB7.9040305 () vulnerability-lab ! com
[Download RAW message or body]

Title:
======
Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability


Date:
=====
2012-12-20


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=792
Vendor: http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-oracle_query-paramater



VL-ID:
=====
792


Common Vulnerability Scoring System:
====================================
1.5


Introduction:
=============
LogAnalyzer is part of Adiscon`s MonitorWare line of monitoring applications. It runs both \
under Windows and Unix/Linux.  The database can be populated by MonitorWare Agent, WinSyslog or \
EventReporter on the Windows side and by rsyslog on  the Unix/Linux side. LogAnalyzer itself is \
free, GPLed software (as are some other members of the product line).

(Copy of the Vendor Homepage: http://loganalyzer.adiscon.com/ )


Abstract:
=========
An independent vulnerability laboratory researcher discovered a cross site scripting \
vulnerability in the log analyzer v3.6.0 web application.


Report-Timeline:
================
2012-12-20:	Public or Non-Public Disclosure


Status:
========
Published


Exploitation-Technique:
=======================
Remote


Severity:
=========
Low


Details:
========
A client side cross-site scripting vulnerability is detected in the LogAnalyzer 3.6.0 web \
application. The vulnerability allows an remote attacker with high required user interaction to \
force client side xss requests.

The vulnerability is located in the asktheoracle.php file with the bound vulnerable \
oracle_query parameter request.  An attackers can force client side requests to execute \
arbitrary script code by using the oracle_query parameter.

Successful exploitation of the vulnerability results in client side execution of inject script, \
client side phishing, client side module context manipulation and evil unautorized external \
redirects.

Vulnerable File(s):
				[+] asktheoracle.php

Vulnerable Parameter(s):
				[+] oracle_query


Proof of Concept:
=================
The client side cross site scripting vulnerability can be exploited by remote attackers with \
medium or high required user interaction  and without privileged application user account.

http://192.168.1.10:8080/loganalyzer-3.6.0/asktheoracle.php?type=searchstr&oracle_query=[CLIENT \
SIDE SCRIPT CODE!]

Note: The 'oracle_query' parameter didn't sanitize properly for asktheoracle.php page.


Solution:
=========
Upgrade to the latest version of Log Analyzer 3.6.1


Risk:
=====
The security risk of the client side cross site scripting web vulnerability is estimated as \
low(+)


Credits:
========
Mohd Izhar Ali - [http://johncrackernet.blogspot.com]


Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. \
Vulnerability-Lab disclaims all warranties,  either expressed or implied, including the \
warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or \
its suppliers are not liable in any case of damage, including direct, indirect, incidental, \
consequential loss of business  profits or special damages, even if Vulnerability-Lab or its \
suppliers have been advised of the possibility of such damages. Some  states do not allow the \
exclusion or limitation of liability for consequential or incidental damages so the foregoing \
limitation  may not apply. We do not approve or encourage anybody to break any vendor licenses, \
policies, deface websites, hack into databases  or trade with fraud/stolen material.

Domains:    www.vulnerability-lab.com   	- www.vuln-lab.com			       - \
                www.vulnerability-lab.com/register
Contact:    admin@vulnerability-lab.com 	- support@vulnerability-lab.com 	       - \
                research@vulnerability-lab.com
Section:    video.vulnerability-lab.com 	- forum.vulnerability-lab.com 		       - \
                news.vulnerability-lab.com
Social:	    twitter.com/#!/vuln_lab 		- facebook.com/VulnerabilityLab 	       - \
                youtube.com/user/vulnerability0lab
Feeds:	    vulnerability-lab.com/rss/rss.php	- vulnerability-lab.com/rss/rss_upcoming.php   - \
vulnerability-lab.com/rss/rss_news.php

Any modified copy or reproduction, including partially usages, of this file requires \
authorization from Vulnerability Laboratory.  Permission to electronically redistribute this \
alert in its unmodified form is granted. All other rights, including the use of other  media, \
are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, \
advisories, sourcecode, videos and  other information on this website is trademark of \
vulnerability-lab team & the specific authors or managers. To record, list (feed),  modify, use \
or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to \
get a permission.

    				   	Copyright © 2012 | Vulnerability Laboratory



-- 
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@vulnerability-lab.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic