Exploit for php platform in category web applications
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DDI-0818.txt
Vendor:
================================
www.trendmicro.com
Product:
===================================
Trend Micro Deep Discovery 3.7.1096
Vulnerability Type:
===================
Authentication Bypass
CVE Reference:
==============
CVE-2015-2873
Vulnerability Details:
===========================================================
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
Trend Micro Deep Discovery Threat Appliance version 3.7.1096
Certain Deep Discovery Inspector URLs including the system log and
whitelist/blacklist are accessible to a non-administrator user
because the pages do not properly check for authorization. An
unauthenticated user without administrator privileges may thus
gain access to and modify certain system configuration settings.
Several URLs, including the system log, whitelist, and blacklist,
are accessible to a non-administrator user by direct request.
The pages do not properly check for authorization.
Impact:
=======
An authenticated user without administrator privileges may access
and modify certain system configuration settings.
Description:
==========================================================
Request Method(s): [+] GET
Vulnerable Product: [+] Trend Micro Deep Discovery 3.7.1096
Vulnerable Parameter(s): [+] syslog, whitelist, blacklist
Affected Area(s): [+] Trend Micro Deep Discovery
Vulnerability Details:
==========================================================
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
Deep Discovery Inspector is vulnerable to XSS attacks that
could allow an unauthenticated user to execute malicious content.
On some legacy browsers like IE 7 with a low Security Level,
Deep Discovery Inspector is vulnerable to XSS that allows an
unauthenticated user to execute malicious content through the index.php
The widget implementation is vulnerable to XSS that allows an
unauthenticated user to execute malicious content.
Exploit code(s):
===============
https://localhost/widget/index.php?menuUrl=1&contentUrl='"%25;alert('XSS+By+hyp3rlinx+\nMarch+2015')//
# 0day.today [2018-01-09] #