Home / exploits Adiscan LogAnalyzer 3.4.3 Cross Site Scripting
Posted on 21 June 2012
############################################################################## # # Title : Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability # Author : Sooraj K.S SecPod Technologies (www.secpod.com) # Vendor : http://loganalyzer.adiscon.com/ # Advisory : http://secpod.org/blog/?p=504 # : http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt # Software : LogAnalyzer 3.4.3 # Date : 30/05/2012 # ############################################################################### SecPod ID: 1041 30/05/2012 Issue Discovered 19/06/2012 Vendor Notified 19/06/2012 Vendor Acknowledge 20/06/2012 Issue Resolved Class: Cross-Site Scripting Severity: Medium Overview: --------- Adiscon LogAnalyzer is prone to cross-site scripting vulnerability. Technical Description: ---------------------- Adiscon LogAnalyzer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Input passed via the 'highlight' parameter in index.php is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks. The vulnerability has been tested in LogAnalyzer 3.4.3. Other versions may also be affected. Impact: -------- Successful exploitation allows an attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. Affected Software: ------------------ LogAnalyzer 3.4.3 and prior. Reference: --------- http://secpod.org/blog/?p=504 http://loganalyzer.adiscon.com http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter Proof of Concept: ----------------- http://www.example.com/?search=Search&highlight="<script>alert(document.cookie)</script> Solution: ---------- Update LogAnalyzer to version 3.4.4 or higher. Risk Factor: ------------- CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = MEDIUM AUTHENTICATION = NONE CONFIDENTIALITY_IMPACT = NONE INTEGRITY_IMPACT = PARTIAL AVAILABILITY_IMPACT = NONE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) Credits: -------- Sooraj K.S of SecPod Technologies has been credited with the discovery of this vulnerability.
