[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [FD] Cisco ASA VPN - Zero Day Exploit
From: Joey Maresca <jmaresca () gmail ! com>
Date: 2016-02-22 14:19:24
Message-ID: CAOOpvAq52cOy2Fh+ku6OTu4Qm3yxbHh=ghU2EBGhpjamX2jp7w () mail ! gmail ! com
[Download RAW message or body]
According to Cisco it is CVE-2014-2120, which indicates that much like the
code sort of gave away, it is a bad attempt by a 1337 hax0r to push their
crappy 'exploitpack.com' instead of you know, finding anything useful.
Indeed it is a damn XSS with minimal utility. The crappy code is just the
icing on the cake that only tastes better when you realize he is over a
year late on his '0-Day'.
In fact, his code is so crappy it will pop on any box because he is
searching for his name, which would be returned no matter what, because the
username field gets populated on the password reset page as a hidden
variable. Furthermore, searching for the name is pointless because it
doesn't determine if the script is actually santized, which it will be on
any patches system (patched WAY before this 'exploit') because if you
actually print the server response, you'll see how they handled the
username to prevent the script from being executed.
On Mon, Feb 22, 2016 at 4:34 AM, Daniel Hadfield <dan@pingsweep.co.uk>
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Is there a CVE ID for this?
>
> Also what firmware does this effect? I tested this and the input gets
> HTML encoded so is nulled.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJWyuREAAoJEFrCzlP2l9LQ5NAQAI5inAIprg6bkdqN6lvboHUA
> Unhp+Kdpg3q71WlHqFYLxFMQ5OnUDSKMkR4Gn3j0FBQn4oYCPIUjp7BHw01FDnXg
> I1Eyg8F9KHSYuQkFmijTDuNL0SRJ1JsRbtAaIhTCXvM5jB9FQfgvbXwPoKALEH9W
> S54fnPAmsCyNd6+y1To8wt2JDW+ZomLQEApSL8zwgU37qJVtv0y+kOc46jgADJwq
> TixhBBXw0GJen9gVWWQEDhK7zncft96PODbjgIdMb2lL+164G/AAj4VopmqPzNIb
> EUrvPgB9lUkSQFxbZI4GooEdNbt6UKgyQRbGcftkNF0wrs59fdkRn8+bRiQyJcJu
> /xLX+sOXphe4Dhjj05n6Ejsy5jugLAhMoRkBdxJlJHODjx4Uk8kt84Xh3sQyRo5o
> se5vGxXOEn+rlxteHWQEb6KwskSeyBcZXMUi+UK++UOr2IvigMjfWQ5B0CWo7Ws+
> GTH8lI82gxkM2M3o+NVxxRPP23KfiBmWkhxYm2bosD+Y6qrv4M5cfEEwI/BK3O7d
> YRInIEEGDrZKXlrr8gArVJVIDXrslCW5USH6ypHdxEelYv5PLdOy1W617gPGxVlx
> /x96gE2404N4tvTH8rb9UUFWf+E8lT8sgtyivK9rtwMAQr2yG5FM1SOsS3V2iO7/
> /PPfXGv3BCclSfI63O7q
> =UjVE
> -----END PGP SIGNATURE-----
>
>
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic