Cross-Site Scripting Vulnerability on Ipanema Ip|Reporter Web

Advisory Information
Title: Cross-Site Scripting Vulnerability on Ipanema Ip|Reporter web v7.1  
Release date: 22/04/2013  
Last update:  30/08/2013
Credits: Cersosimo Fiorenzo (Emaze Networks S.p.A.)

Vulnerability Information
Class: Input Validation Vulnerability, Cross-site Scripting
CVE: 2013-3296 

Affected Software
We confirm the presence of the security vulnerability on the following product version:
  • Ip|Reporter Web v7.1
Vulnerability Details 
Ip|reporter web can be exploited to cause a disclosure of the user’s session cookie, allowing an attacker to hijack the user session and take over the account. The vulnerability is on the page help.jsp, in the params displetid.

A proof of concept of the Reflected Cross-Site Scripting follows: 
  • https://[host]/salsa/ipreporter_portal/[domain]/portal/help.jsp?rubricId=15;&displetid=164;%22%3C/script%3E%3Cscript%3Ealert%28123%29%3C/script%3E&parentid=150

Remediation
Patch is available on the support web site. 
  
Report Timeline
22/04/2013 - Vulnerability found.
23/04/2013 - Author sends a detailed email describing the vulnerability to the customer. 
23/04/2013 - Customer sends the detail to the Vendor.
29/04/2013 - Vendor opens a ticket to the supplier of the specific component.
17/06/2013 - Author sends an email
to ask for an update.
18/07/2013 - Vendor replies that the patch has been released. 
30/08/2013 - Author notifies the intention to disclosure.
06/09/2013 - Disclosure.
 
Copyright
Copyright(c) Emaze Networks S.p.A. 2013, All rights reserved worldwide. Permission is hereby granted to redistribute this advisory, providing that no changes are made and that the copyright notices and disclaimers remain intact.

Disclaimer
Emaze Networks S.p.A. is not responsible for the misuse of the information provided in our security advisories. These advisories are a service to the professional security community.
There are NO WARRANTIES with regard to this information. Any application or distribution of this information constitutes acceptance AS IS, at the user's own risk. This information is subject to change without notice.

3 comments:

  1. Thank you for this wonderful blog. I seen this first time in this blog. It is really interesting. Keep sharing such new information. For academic help visit custom essay writing service site.

    ReplyDelete
  2. If you need to hire a real hacker to help spy on your partner's cell phone remotely, change your grades or boost your credit score. Contact this helpline +1 347.857.7580 or the email address expressfoundations@gmail.com

    ReplyDelete
  3. Here you can find some interesting information about phone tracking apps

    ReplyDelete