Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29369
HistoryMay 06, 2013 - 12:00 a.m.

[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics

2013-05-0600:00:00
vulners.com
46

=============================================
INTERNET SECURITY AUDITORS ALERT 2013-002

  • Original release date: January 22nd, 2013
  • Last revised: March 10th, 2013
  • Discovered by: Manuel Garcia Cardenas
  • Severity: 4,8/10 (CVSS Base Score)
    =============================================

I. VULNERABILITY

Reflected XSS in Asteriskguru Queue Statistics.

II. BACKGROUND

The Asteriskguru Queue Statistics, is a PHP based program, which gives
anyone who uses queues or CDRs overview in Asterisk a deep insight in
the quality of the service which is delivered to their customers. It
is fully developed by the Asteriskguru developers.

III. DESCRIPTION

Has been detected a reflected XSS vulnerability in Asteriskguru Queue
Statistics , that allows the execution of arbitrary HTML/script code
to be executed in the context of the victim user's browser.

The code injection is done through the parameter warning in the page
error.php.

IV. PROOF OF CONCEPT

Malicious Request:
http://vulnerablesite.com/public/error.php?warning=<XSS injection>

Example:
http://vulnerablesite.com/public/error.php?warning=<script>alert("XSS")</script>

V. BUSINESS IMPACT

An attacker can execute arbitrary HTML or script code in a targeted
user's browser, this can leverage to steal sensitive information as
user credentials, personal data, etc.

VI. SYSTEMS AFFECTED

All Versions of Asteriskguru Queue Statistics.

VII. SOLUTION

All data received by the application and can be modified by the user,
before making any kind of transaction with them must be validated.

VIII. REFERENCES

http://www.asteriskguru.com/tools/queue_stats.php
http://www.isecauditors.com

IX. CREDITS

This vulnerability has been discovered
by Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com).

X. REVISION HISTORY

January 22, 2013: Initial release

XI. DISCLOSURE TIMELINE

January 22, 2013: Vulnerability acquired by
Internet Security Auditors (www.isecauditors.com)
January - February: Attempts to contact someone managing
the project without answer.
March 10, 2013: Send to lists.

XII. LEGAL NOTICES

The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.

XIII. ABOUT

Internet Security Auditors is a Spain based leader in web application
testing, network security, penetration testing, security compliance
implementation and assessing. Our clients include some of the largest
companies in areas such as finance, telecommunications, insurance,
ITC, etc. We are vendor independent provider with a deep expertise
since 2001. Our efforts in R&D include vulnerability research, open
security project collaboration and whitepapers, presentations and
security events participation and promotion. For further information
regarding our security services, contact us.