[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability
From: Vulnerability Lab <research () vulnerability-lab ! com>
Date: 2012-12-27 19:08:39
Message-ID: 50DC9CB7.9040305 () vulnerability-lab ! com
[Download RAW message or body]
Title:
======
Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability
Date:
=====
2012-12-20
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=792
Vendor: http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-oracle_query-paramater
VL-ID:
=====
792
Common Vulnerability Scoring System:
====================================
1.5
Introduction:
=============
LogAnalyzer is part of Adiscon`s MonitorWare line of monitoring applications. It runs both \
under Windows and Unix/Linux. The database can be populated by MonitorWare Agent, WinSyslog or \
EventReporter on the Windows side and by rsyslog on the Unix/Linux side. LogAnalyzer itself is \
free, GPLed software (as are some other members of the product line).
(Copy of the Vendor Homepage: http://loganalyzer.adiscon.com/ )
Abstract:
=========
An independent vulnerability laboratory researcher discovered a cross site scripting \
vulnerability in the log analyzer v3.6.0 web application.
Report-Timeline:
================
2012-12-20: Public or Non-Public Disclosure
Status:
========
Published
Exploitation-Technique:
=======================
Remote
Severity:
=========
Low
Details:
========
A client side cross-site scripting vulnerability is detected in the LogAnalyzer 3.6.0 web \
application. The vulnerability allows an remote attacker with high required user interaction to \
force client side xss requests.
The vulnerability is located in the asktheoracle.php file with the bound vulnerable \
oracle_query parameter request. An attackers can force client side requests to execute \
arbitrary script code by using the oracle_query parameter.
Successful exploitation of the vulnerability results in client side execution of inject script, \
client side phishing, client side module context manipulation and evil unautorized external \
redirects.
Vulnerable File(s):
[+] asktheoracle.php
Vulnerable Parameter(s):
[+] oracle_query
Proof of Concept:
=================
The client side cross site scripting vulnerability can be exploited by remote attackers with \
medium or high required user interaction and without privileged application user account.
http://192.168.1.10:8080/loganalyzer-3.6.0/asktheoracle.php?type=searchstr&oracle_query=[CLIENT \
SIDE SCRIPT CODE!]
Note: The 'oracle_query' parameter didn't sanitize properly for asktheoracle.php page.
Solution:
=========
Upgrade to the latest version of Log Analyzer 3.6.1
Risk:
=====
The security risk of the client side cross site scripting web vulnerability is estimated as \
low(+)
Credits:
========
Mohd Izhar Ali - [http://johncrackernet.blogspot.com]
Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. \
Vulnerability-Lab disclaims all warranties, either expressed or implied, including the \
warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or \
its suppliers are not liable in any case of damage, including direct, indirect, incidental, \
consequential loss of business profits or special damages, even if Vulnerability-Lab or its \
suppliers have been advised of the possibility of such damages. Some states do not allow the \
exclusion or limitation of liability for consequential or incidental damages so the foregoing \
limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, \
policies, deface websites, hack into databases or trade with fraud/stolen material.
Domains: www.vulnerability-lab.com - www.vuln-lab.com - \
www.vulnerability-lab.com/register
Contact: admin@vulnerability-lab.com - support@vulnerability-lab.com - \
research@vulnerability-lab.com
Section: video.vulnerability-lab.com - forum.vulnerability-lab.com - \
news.vulnerability-lab.com
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - \
youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - \
vulnerability-lab.com/rss/rss_news.php
Any modified copy or reproduction, including partially usages, of this file requires \
authorization from Vulnerability Laboratory. Permission to electronically redistribute this \
alert in its unmodified form is granted. All other rights, including the use of other media, \
are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, \
advisories, sourcecode, videos and other information on this website is trademark of \
vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use \
or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to \
get a permission.
Copyright © 2012 | Vulnerability Laboratory
--
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@vulnerability-lab.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic