exploit the possibilities

Verint Impact 360 15.1 Script Insertion / HTML Injection

Verint Impact 360 15.1 Script Insertion / HTML Injection
Posted Jul 14, 2020
Authored by Ryan Delaney

Verint Impact 360 version 15.1 has an issue where the helpURL parameter in wfo/help/help_popup.jsp can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.

tags | exploit, arbitrary, xss
advisories | CVE-2019-12773
MD5 | 4dd04c37bb2f1afa689fdbef4d3f3853

Verint Impact 360 15.1 Script Insertion / HTML Injection

Change Mirror Download
<!--
# Exploit Title: Verint Impact 360 Open iFrame
# Date: 7-13-2020
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney@owasp.org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: https://www.verint.com/
# Software Link:
https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/
# Version: Impact 360 v15.1
# Tested on: Impact 360 v15.1
# CVE: CVE-2019-12773

1. Description

An issue was discovered in Verint Impact 360 15.1. At
wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed
arbitrary content inside of an iFrame. Attackers may use this in
conjunction with social engineering to embed malicious scripts or phishing
pages on a site where this product is installed, given the attacker can
convince a victim to visit a crafted link.

2. Mitigation

Restrict Impact 360 accessibility to internal network only. Verint has not
patched this vulnerability to my knowledge, despite having been made aware
of it over a year ago.

3. PoC

Withheld due to possible legal threat.

4. Timeline

Discovered: 6-7-2019
CVE assigned: 6-10-2019
First contact: 6-14-2019 (no response)
Follow-up 1: 6-25-2019
Reply received: 7-9-2019 (stating that the responsible disclosure line
was for the community edition and report would be forwarded to enterprise)
Follow-up 2: 7-16-2019
Reply received: 7-19-2019 (cc'ing another individual and asking them to
follow up with me)
Follow-up 3: 8-30-2019 (no response)
Follow-up 4: 9-4-2019 (no response)
Follow-up 5: 9-11-2019 (no response)
Follow-up 6: 1-6-2020 (notification of intent to disclose in 90 days, no
response)
Follow-up 7: 3-5-2020 (notification of intent to disclose in 30 days)
Reply received: 3-6-2020 (requesting addition delay for disclosure)
Follow-up 8: 3-27-2020 (no response)
Follow-up 9: 5-18-2020 (no response)
Follow-up 10: 6-25-2020 (notification of intent to disclose, requesting
confirmation that legal action will not be pursued, no response)
Published: 7-13-2020 (260 business days after initial report)

-->


Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close