Xplico v0.5.7 (add.ctp) Remote XSS Vulnerability

Title: Xplico v0.5.7 (add.ctp) Remote XSS Vulnerability
Type: Remote
Impact: Cross-Site Scripting
Release Date: 02.07.2010
Release mode: Coordinated release

Summary
=======

The goal of Xplico is to extract the application data contained in an Internet
traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP
and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on.
Xplico is not a network protocol analyzer; it is an open source Network Forensic
Analysis Tool (NFAT).

Description
===========

Xplico is vulnerable to Cross-Site Scripting. An attacker can use a "POST" request
to take advantage of this vulnerability, injecting code into the web pages viewed
by other users.

--------------------------------------------------------------------------------

Detecting vulnerabilities
- /opt/xplico/xi/app/views/pols/add.ctp:13
- /opt/xplico/xi/app/views/pols/add.ctp:14
- /opt/xplico/xi/app/views/sols/add.ctp:10

--------------------------------------------------------------------------------

Vendor
======

Xplico Team - http://www.xplico.org

Affected Version
================

0.5.7

PoC
===

- /opt/xplico/xi/app/views/pols/add.ctp:13
echo $form->input('Pol.name', array('maxlength'=> 50, 'size' => '50','label' => 'Case name'));

Attack: Case name=[XSS] (POST)

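Added example, not code from this advisory or from the Xplico project: a plain PHP sketch of the two defences that close this class of bug for the Pol.name ("Case name") field, server-side validation tied to the form's 50-character limit and HTML encoding at output time. The function names, the regular expression and the sample case name are assumptions constructed for illustration; in a real CakePHP view the h() helper plays the role of h_escape().

```php
<?php
// Added example, not from the advisory or from Xplico. Models the "Case name"
// field (Pol.name) posted through pols/add.ctp and shows where a stored XSS
// arises and how it is closed. Function names and the sample value are
// constructed for illustration.

// Defence 1: server-side validation. The maxlength=50 in the form helper is
// only a browser hint; the server must enforce the length and the charset.
function is_valid_case_name($name) {
    return is_string($name)
        && preg_match('/^[A-Za-z0-9 _.-]{1,50}$/', $name) === 1;
}

// Defence 2: HTML-encode at output time. ENT_QUOTES also encodes single
// quotes so the value is safe inside attribute values, not only between tags.
// (CakePHP's h() helper does the same job inside a .ctp view.)
function h_escape($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Vulnerable pattern: a stored case name is written into the page verbatim,
// so markup in it is interpreted by every user who views the case list.
function render_case_row_vulnerable($caseName) {
    return '<td>' . $caseName . '</td>';
}

// Hardened pattern: the same row, encoded on output.
function render_case_row_escaped($caseName) {
    return '<td>' . h_escape($caseName) . '</td>';
}

// Constructed sample: a case name carrying markup characters, as it could be
// submitted in the POST body of the add form.
$caseName = 'Case "A" <i>one</i> & co';

echo 'valid:      ', var_export(is_valid_case_name($caseName), true), PHP_EOL;
echo 'vulnerable: ', render_case_row_vulnerable($caseName), PHP_EOL;
echo 'escaped:    ', render_case_row_escaped($caseName), PHP_EOL;
```

Run it with the PHP CLI; the validation rejects the sample name, and the escaped row shows the angle brackets, quotes and ampersand encoded so the browser renders them as text.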
Credits
=======

Vulnerability discovered by Marcos Garcia (@artsweb) and Maximiliano Soler (@maxisoler).

Solution
========

Upgrade to Xplico v0.5.8 (http://sourceforge.net/projects/xplico/files/)

Vendor Status
=============

[22.06.2010] Vulnerability discovered.
[22.06.2010] Vendor informed.
[22.06.2010] Vendor replied.
[24.06.2010] Asked vendor for confirmation.
[24.06.2010] Vendor confirms vulnerability.
[24.06.2010] Asked vendor for status.
[24.06.2010] Vendor replied.
[29.06.2010] Vendor reveals patch release date.
[29.06.2010] Coordinated public advisory.

References
==========

[1] http://www.xplico.org/archives/710

Changelog
=========

[02.07.2010] - Initial release

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk