Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  Xloner v3.1.2 wordpress plugin authenticated command execution and XSS

  CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4

  AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability

  Symphony CMS 2.6.2

From:jerold_(at)_v00d00sec.com <jerold_(at)_v00d00sec.com>
Date:8 июня 2015 г.
Subject:IBM Watson (Cognea) - XSS and Redirect Vulnerabilities



# Vulnerability type: Cross-site Scripting & Redirect  
# Vendor: www.ibm.com
# Product: IBM Watson Cloud Computing SaaS (Cognea)
# Product Link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/
# Credit: Jerold Hoong

The logout.jsp page function of the IBM Watson (Cognea) SaaS application is
vulnerable to reflected XSS and redirect attacks. The value of the Referer
HTTP header is directly referenced by the logout.jsp page and echoes the input
unmodified in to the application’s response.

# PROOF OF CONCEPT (XSS)

- Sample URL: http://127.0.0.1/test/logout.jsp
- Parameter: Referer HTTP header
- Payload: javascript:alert('XSS')//

# PROOF OF CONCEPT (Redirect)

The logout.jsp page is vulnerable to unauthorised redirects.

- Sample URL: http://127.0.0.1/test/logout.jsp
- Parameter: Referer HTTP header
- Payload: http://malicious-site.com/

# TIMELINE
- 16/04/2015: Vulnerability found
- 17/04/2015: Vendor informed
- 08/04/2015: Vendor responded and acknowledged
- 03/06/2015: Vendor fixed the issue
- 04/06/2015: Public disclosure

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород