The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Attack Complexity
Low
AC
The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Privileges Required
None
PR
The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
Scope
Unchanged
S
An exploited vulnerability can only affect resources managed by the same security authority. In the case of a vulnerability in a virtualized environment, an exploited vulnerability in one guest instance would not affect neighboring guest instances.
Confidentiality
None
C
There is no impact on the confidentiality of the system; the attacker does not gain the ability to read any data.
Integrity
Low
I
Modification of data is possible, but the attacker does not have control over what can be modified, or the extent of what the attacker can affect is limited. The data modified does not have a direct, serious impact on the system.
Availability
None
A
There is no impact on the availability of the system; the attacker does not have the ability to disrupt access to or use of the system.
=============================================
INTERNET SECURITY AUDITORS ALERT 2013-002
- Original release date: January 22nd, 2013
- Last revised: March 10th, 2013
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
Reflected XSS in Asteriskguru Queue Statistics.
II. BACKGROUND
-------------------------
The Asteriskguru Queue Statistics, is a PHP based program, which gives
anyone who uses queues or CDRs overview in Asterisk a deep insight in
the quality of the service which is delivered to their customers. It
is fully developed by the Asteriskguru developers.
III. DESCRIPTION
-------------------------
Has been detected a reflected XSS vulnerability in Asteriskguru Queue
Statistics , that allows the execution of arbitrary HTML/script code
to be executed in the context of the victim user's browser.
The code injection is done through the parameter warning in the page
error.php.
IV. PROOF OF CONCEPT
-------------------------
Malicious Request:
http://vulnerablesite.com/public/error.php?warning=<XSS injection>
Example:
http://vulnerablesite.com/public/error.php?warning=<script>alert("XSS")</script>
V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, this can leverage to steal sensitive information as
user credentials, personal data, etc.
VI. SYSTEMS AFFECTED
-------------------------
All Versions of Asteriskguru Queue Statistics.
VII. SOLUTION
-------------------------
All data received by the application and can be modified by the user,
before making any kind of transaction with them must be validated.
VIII. REFERENCES
-------------------------
http://www.asteriskguru.com/tools/queue_stats.php
http://www.isecauditors.com
IX. CREDITS
-------------------------
This vulnerability has been discovered
by Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com).
X. REVISION HISTORY
------------------------
January 22, 2013: Initial release
XI. DISCLOSURE TIMELINE
-------------------------
January 22, 2013: Vulnerability acquired by
Internet Security Auditors (www.isecauditors.com)
January - February: Attempts to contact someone managing
the project without answer.
March 10, 2013: Send to lists.
XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.
XIII. ABOUT
-------------------------
Internet Security Auditors is a Spain based leader in web application
testing, network security, penetration testing, security compliance
implementation and assessing. Our clients include some of the largest
companies in areas such as finance, telecommunications, insurance,
ITC, etc. We are vendor independent provider with a deep expertise
since 2001. Our efforts in R&D include vulnerability research, open
security project collaboration and whitepapers, presentations and
security events participation and promotion. For further information
regarding our security services, contact us.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum