exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Verint Impact 360 15.1 Script Insertion / HTML Injection

Verint Impact 360 15.1 Script Insertion / HTML Injection
Posted Jul 14, 2020
Authored by Ryan Delaney

Verint Impact 360 version 15.1 has an issue where the helpURL parameter in wfo/help/help_popup.jsp can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.

tags | exploit, arbitrary, xss
advisories | CVE-2019-12773
SHA-256 | 037db083b292ddba6c882f5cb6d036f5ab65f22b3161e14d9ede682bd0105457

Verint Impact 360 15.1 Script Insertion / HTML Injection

Change Mirror Download
<!--
# Exploit Title: Verint Impact 360 Open iFrame
# Date: 7-13-2020
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney@owasp.org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: https://www.verint.com/
# Software Link:
https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/
# Version: Impact 360 v15.1
# Tested on: Impact 360 v15.1
# CVE: CVE-2019-12773

1. Description

An issue was discovered in Verint Impact 360 15.1. At
wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed
arbitrary content inside of an iFrame. Attackers may use this in
conjunction with social engineering to embed malicious scripts or phishing
pages on a site where this product is installed, given the attacker can
convince a victim to visit a crafted link.

2. Mitigation

Restrict Impact 360 accessibility to internal network only. Verint has not
patched this vulnerability to my knowledge, despite having been made aware
of it over a year ago.

3. PoC

Withheld due to possible legal threat.

4. Timeline

Discovered: 6-7-2019
CVE assigned: 6-10-2019
First contact: 6-14-2019 (no response)
Follow-up 1: 6-25-2019
Reply received: 7-9-2019 (stating that the responsible disclosure line
was for the community edition and report would be forwarded to enterprise)
Follow-up 2: 7-16-2019
Reply received: 7-19-2019 (cc'ing another individual and asking them to
follow up with me)
Follow-up 3: 8-30-2019 (no response)
Follow-up 4: 9-4-2019 (no response)
Follow-up 5: 9-11-2019 (no response)
Follow-up 6: 1-6-2020 (notification of intent to disclose in 90 days, no
response)
Follow-up 7: 3-5-2020 (notification of intent to disclose in 30 days)
Reply received: 3-6-2020 (requesting addition delay for disclosure)
Follow-up 8: 3-27-2020 (no response)
Follow-up 9: 5-18-2020 (no response)
Follow-up 10: 6-25-2020 (notification of intent to disclose, requesting
confirmation that legal action will not be pursued, no response)
Published: 7-13-2020 (260 business days after initial report)

-->


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close