desk.com Cross Site Scripting

Posted Feb 16, 2016
Authored by Jose Antonio Perez Piedra

desk.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 83da654ba2270bdcaa874faf02dd440d2b174258e4150dc3044474030cfef161

=============================================
INTERNET SECURITY AUDITORS ALERT 2016-001
- Original release date: February 16, 2016
- Last revised: February 16, 2016
- Discovered by: José Antonio Pérez Piedra
- Severity: 6.1/10 (CVSSv3 Base Metrics)
=============================================

I. VULNERABILITY
-------------------------
Desk.com is affected by a Reflected Cross-Site Scripting vulnerability.

II. BACKGROUND
-------------------------
Desk.com is a help desk solution that allows companies to handle both
traditional 1-to-1 communications and the monitoring of, and response to,
social media. It also provides an email support system and a knowledge base.

III. DESCRIPTION
-------------------------
Desk.com is affected by a Reflected Cross-Site Scripting vulnerability in
the email contact form. The vulnerable resource does not properly check
the type of the parameters passed to the application through GET
requests, which allows a malicious user to bypass the sanitizer and execute
arbitrary HTML/script code in the context of the victim's browser.

IV. PROOF OF CONCEPT
-------------------------
The affected resource is:
/customer/portal/emails/new

All GET parameters of this resource are affected by this vulnerability, for example:
email[body]
email[subject]
interaction[email]
interaction[name]

The application does not filter the parameters if they are passed as
nested arrays, and it reflects their content in the response.

Here is a PoC:
/customer/portal/emails/new?email[body]=&email[subject][]=asd'><img src=x onerror=prompt(1)>&interaction[email]=&interaction[name]=
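The type-confusion pattern described above, modelled as an added example (illustrative code, not Desk.com's): a Rack/Rails-style nested-parameter parser is assumed, a sanitizer that only escapes string values lets the array produced by the `[]` suffix reach the template unescaped, and a strict accessor that rejects non-string parameters closes the gap.

```python
import html
import re
from urllib.parse import unquote_plus

# Minimal Rack/Rails-style nested query parser (an assumption about how the
# framework decodes "email[subject][]" into nested hashes and arrays; this is
# illustrative code, not Desk.com's implementation).
def parse_nested_query(qs):
    params = {}
    for pair in qs.split("&"):
        raw_key, _, raw_val = pair.partition("=")
        if not raw_key:
            continue
        key, val = unquote_plus(raw_key), unquote_plus(raw_val)
        parts = [key.split("[", 1)[0]] + re.findall(r"\[([^\]]*)\]", key)
        is_array = parts[-1] == ""          # trailing [] collects an array
        *path, leaf = parts[:-1] if is_array else parts
        node = params
        for p in path:
            node = node.setdefault(p, {})
        if is_array:
            node.setdefault(leaf, []).append(val)
        else:
            node[leaf] = val
    return params

def sanitize_string_only(value):
    """Vulnerable pattern: escapes only string values; anything else (the list
    produced by a trailing []) passes through and is later str()-ed raw."""
    return html.escape(value, quote=True) if isinstance(value, str) else value

def render_subject_vulnerable(params):
    subject = sanitize_string_only(params["email"]["subject"])
    return '<input name="email[subject]" value="%s">' % subject

def get_scalar(params, *path):
    """Hardened accessor: walk the nested structure and insist on a string at
    the leaf, rejecting arrays/hashes instead of coercing them."""
    node = params
    for p in path:
        node = node.get(p, "") if isinstance(node, dict) else ""
    if not isinstance(node, str):
        raise TypeError("expected string at %s, got %s"
                        % ("/".join(path), type(node).__name__))
    return node

def render_subject_hardened(params):
    return ('<input name="email[subject]" value="%s">'
            % html.escape(get_scalar(params, "email", "subject"), quote=True))
```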

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, which can be leveraged to steal sensitive information such
as user credentials, personal data, etc.

VI. SYSTEMS AFFECTED
-------------------------
www.desk.com

VII. SOLUTION
-------------------------
This vulnerability has been corrected.

VIII. REFERENCES
-------------------------
http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

See the proof of concept of the exploitation on our YouTube channel.

IX. CREDITS
-------------------------
This vulnerability has been discovered by José Antonio Pérez Piedra,
japerez (at) isecauditors (dot) com.

X. REVISION HISTORY
-------------------------
February 16, 2016: Initial release

XI. DISCLOSURE TIMELINE
-------------------------
November 4, 2015: Vulnerability acquired by Internet Security Auditors.
November 6, 2015: Contact with Desk.com Security Team.
December 1, 2015: Internet Security Auditors confirm that the bug has
been corrected.
February 16, 2016: Advisory published.

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise. Internet
Security Auditors accepts no responsibility for any damage caused by the
use or misuse of this information.

XIII. ABOUT
-------------------------
Internet Security Auditors is a Spain-based leader in web application
testing, network security, penetration testing, and security compliance
implementation and assessment. Our clients include some of the largest
companies in areas such as finance, telecommunications, insurance, ITC,
etc. We are a vendor-independent provider with deep expertise since
2001. Our efforts in R&D include vulnerability research, open security
project collaboration, whitepapers, presentations, and participation in
and promotion of security events. For further information regarding our
security services, contact us.

XIV. FOLLOW US
-------------------------
You can follow Internet Security Auditors' news and security advisories at:
https://www.facebook.com/ISecAuditors
https://twitter.com/ISecAuditors
http://www.linkedin.com/company/internet-security-auditors
http://www.youtube.com/user/ISecAuditors