Adiscon LogAnalyzer 'highlight' Parameter Cross-Site Scripting Vulnerability

Vulnerability ID: 1172539    Type: Cross-site scripting
Published: 2012-06-20    Updated: 2012-06-20
CVE ID: CVE-2012-3790    CNNVD ID: CNNVD-201206-371
Platform: N/A    CVSS score: 4.3
|Sources
https://www.securityfocus.com/bid/73862
https://cxsecurity.com/issue/WLB-2012060261
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201206-371
|Vulnerability details
A cross-site scripting (XSS) vulnerability exists in index.php in Adiscon LogAnalyzer before 3.4.4 and in 3.5.x before 3.5.5. Remote attackers can exploit it to inject arbitrary web script or HTML via the highlight parameter in a Search action.
|Exploit
##############################################################################
#
# Title    : Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
# Author   : Sooraj K.S SecPod Technologies (www.secpod.com)
# Vendor   : http://loganalyzer.adiscon.com/
# Advisory : http://secpod.org/blog/?p=504
#          : http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt
# Software : LogAnalyzer 3.4.3
# Date     : 30/05/2012
#
###############################################################################

SecPod ID: 1041                                 30/05/2012 Issue Discovered
                                                19/06/2012 Vendor Notified
                                                19/06/2012 Vendor Acknowledged
                                                20/06/2012 Issue Resolved

Class: Cross-Site Scripting                     Severity: Medium


Overview:
---------
Adiscon LogAnalyzer is prone to a cross-site scripting vulnerability.


Technical Description:
----------------------
Adiscon LogAnalyzer is prone to a cross-site scripting vulnerability because
it fails to properly sanitize user-supplied input.

Input passed via the 'highlight' parameter in index.php is not properly
verified before it is returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in the context of
a vulnerable site. This may allow an attacker to steal cookie-based
authentication credentials and to launch other attacks.

The vulnerability has been tested in LogAnalyzer 3.4.3. Other versions may
also be affected.
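The flaw class described above is a reflected XSS: a value the user supplies is written back into the page without output encoding. The following Python example is added here for illustration and is not LogAnalyzer's own code; the search-page renderer, the sample log line and the function names are constructed for this example. It places a hypothetical vulnerable renderer beside a hardened one that HTML-escapes both the log line and the user-controlled highlight term before any markup is built, and it shows that the advisory's own proof-of-concept value is neutralised by the hardened form.

```python
import html

# Constructed sample log line; not taken from the page.
SAMPLE_LINE = "Jun 20 10:15:01 host sshd[1234]: Failed password for root from 10.0.0.5"

# The proof-of-concept value quoted in the advisory, used as the highlight term.
POC_TERM = '"<script>alert(document.cookie)</script>'

SPAN_OPEN = '<span class="highlight">'
SPAN_CLOSE = "</span>"


def render_search_page_unsafe(line, term):
    """Hypothetical renderer mirroring the flaw class: the highlight term is
    echoed into the page and spliced into the log line with no encoding."""
    header = "<p>Highlight: " + term + "</p>"
    marked = line.replace(term, SPAN_OPEN + term + SPAN_CLOSE) if term else line
    return header + '<div class="logline">' + marked + "</div>"


def render_search_page_safe(line, term):
    """Hardened renderer: every piece of untrusted text is escaped before it
    is concatenated with markup, and the highlight span is built only from
    escaped fragments. Matching is done on the raw text so entities produced
    by escaping can never be split by a match."""
    esc = lambda s: html.escape(s, quote=True)
    header = "<p>Highlight: " + esc(term) + "</p>"
    if not term:
        return header + '<div class="logline">' + esc(line) + "</div>"
    parts = []
    pos = 0
    while True:
        i = line.find(term, pos)
        if i < 0:
            parts.append(esc(line[pos:]))
            break
        parts.append(esc(line[pos:i]))
        parts.append(SPAN_OPEN + esc(term) + SPAN_CLOSE)
        pos = i + len(term)
    return header + '<div class="logline">' + "".join(parts) + "</div>"


def contains_script_tag(rendered):
    """Simple check used to compare the two renderers: does the output carry
    a live <script> element?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("unsafe :", render_search_page_unsafe(SAMPLE_LINE, POC_TERM))
    print("safe   :", render_search_page_safe(SAMPLE_LINE, POC_TERM))
    print("normal :", render_search_page_safe(SAMPLE_LINE, "root"))
```

Escaping at the point of output is the fix the vendor's 3.4.4 release category implies for this bug class; a blocklist on the input side would leave every other echo of the parameter unprotected.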


Impact:
--------
Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.


Affected Software:
------------------
LogAnalyzer 3.4.3 and prior.


Reference:
---------
http://secpod.org/blog/?p=504
http://loganalyzer.adiscon.com
http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt
http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable
http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta
http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter


Proof of Concept:
-----------------
http://www.example.com/?search=Search&highlight="<script>alert(document.cookie)</script>
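Because the attack travels in a GET query string, attempts against an unpatched instance are visible in the web server's access log. The Python below is an added detection example, not part of the advisory: it parses constructed Apache-style log lines (the log format, the `/loganalyzer/` path and the client addresses are assumptions), URL-decodes the `highlight` parameter, and flags values that carry markup or script syntax. The second decoding pass catches double-encoded values; the second sample line carries the advisory's own proof-of-concept value in URL-encoded form.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed access-log sample (combined log format); not from the page.
ACCESS_LOG = """\
10.0.0.7 - - [20/Jun/2012:10:15:01 +0000] "GET /loganalyzer/index.php?search=Search&highlight=sshd HTTP/1.1" 200 5123
10.0.0.9 - - [20/Jun/2012:10:16:44 +0000] "GET /loganalyzer/index.php?search=Search&highlight=%22%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E HTTP/1.1" 200 5310
10.0.0.9 - - [20/Jun/2012:10:17:02 +0000] "GET /loganalyzer/index.php?filter=error HTTP/1.1" 200 4871
"""

# Client, timestamp, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup or script syntax that has no business in a search highlight term:
# an opening/closing tag, a javascript: URL, or an on*= event handler.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!?]|javascript:|\bon[a-z]+\s*=", re.I)


def suspicious_highlight(target):
    """Return True if any `highlight` value in the request target contains
    markup after URL decoding (parse_qs decodes once; unquote_plus again
    to surface double-encoded payloads)."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for value in params.get("highlight", []):
        if MARKUP_RE.search(unquote_plus(value)):
            return True
    return False


def scan_access_log(log_text):
    """Return (client, target) pairs for requests whose highlight parameter
    looks like an XSS attempt; unparseable lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and suspicious_highlight(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits


if __name__ == "__main__":
    for ip, target in scan_access_log(ACCESS_LOG):
        print(f"possible CVE-2012-3790 probe from {ip}: {target}")
```

A 200 status on a flagged request does not by itself mean the reflection succeeded; correlate with the installed LogAnalyzer version (3.4.4 and 3.5.5 contain the fix) before treating a hit as an incident.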


Solution:
----------
Update LogAnalyzer to version 3.4.4 or higher.


Risk Factor:
-------------
    CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = MEDIUM
        AUTHENTICATION         = NONE
        CONFIDENTIALITY_IMPACT = NONE
        INTEGRITY_IMPACT       = PARTIAL
        AVAILABILITY_IMPACT    = NONE
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)


Credits:
--------
Sooraj K.S of SecPod Technologies has been credited with the discovery of this
vulnerability.
|Affected products
Adiscon LogAnalyzer 3.5.4
Adiscon LogAnalyzer 3.5.3
Adiscon LogAnalyzer 3.5.2
Adiscon LogAnalyzer 3.5.1
Adiscon LogAnalyzer 3.5.0
Adiscon LogAnalyzer 3.4.3
|References

Source: secpod.org
Link: http://secpod.org/blog/?p=504
Source: secpod.org
Link: http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt
Source: loganalyzer.adiscon.com
Link: http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter
Source: loganalyzer.adiscon.com
Link: http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta
Source: loganalyzer.adiscon.com
Link: http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable