Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  BF, LE and IAA vulnerabilities in InstantCMS

  Information Leakage and Backdoor vulnerabilities in WordPress

  CSRF, DoS and IL vulnerabilities in WordPress

  URL Redirector Abuse and XSS vulnerabilities in WordPress

From:zoczus_(at)_gmail.com <zoczus_(at)_gmail.com>
Date:9 января 2014 г.
Subject:LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client



Author: Jakub Zoczek [[email protected]]
CVE Reference: CVE-2013-7032
Product: LiveZilla
Vendor: LiveZilla GmbH [http://livezilla.net]
Affected version: 5.1.2.0
Severity: Medium
CVSSv2 Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Status: Fixed

0x01 Background

LiveZilla, the widely-used and trusted Live Help and Live Support System.

0x02 Description

LiveZilla in version 5.1.2.0 is prone to multiple stored cross-site scripting vulnerabilities in Webbased Operator Client. Attacker is able to execute arbitrary javascript code in context of operator browser by providing xss payloads into unfiltered fields - details below.


0x03 Proof of Concept

- File Names - this issue is really similar to CVE-2013-7003. LiveZilla fixed it by escaping displayed file name when customer want send it to operator. Unfortunately it is unescaped after succesful upload.
- Also - after upload LiveZilla creates 'resources' with those files. Filenames are escaped properly there, but names of customers don't. We can use simple, widely-known XSS payloads to exploit this vulnerability.

0x04 Fix

Vulnerability was fixed in LiveZilla 5.1.2.1 version.

0x05 Timeline

08.12.2013 - Vendor notified
09.12.2013 - Vendor responded with informations about planned release
10.12.2013 - Version 5.1.2.1 released
15.12.2013 - Public Disclosure

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород