Exploit for php platform in category web applications
Vendor: SearchBlox Software, Inc.
Vulnerable Version(s): 8.2 and probably prior
Tested Version: 8.2
Advisory Publication: April 22, 2015 [without technical details]
Vendor Notification: April 22, 2015
Vendor Patch: May 26, 2015
Public Disclosure: June 17, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-3422
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered XSS vulnerability in SearchBlox, which can be exploited to perform Cross-Site Scripting attacks against the vulnerable web application administrators.
Input passed via the "menu2" HTTP GET parameter to "/searchblox/admin/main.jsp" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and scripting code in his browser in context of the vulnerable website.
A simple XSS exploit below uses the "alert()" JS function to display a box with "ImmuniWeb" word:
http://[host]/searchblox/admin/main.jsp?menu1=adm&menu2=%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3E
-----------------------------------------------------------------------------------------------
Solution:
Update to SearchBlox 8.2.1
# 0day.today [2018-04-12] #