RM SafetyNet Plus snpfiltered.pl u Variable XSS

2005-04-12T01:27:36
ID OSVDB:15543
Type osvdb
Reporter sNKenjoi(snkenjoi@gmail.com)
Modified 2005-04-12T01:27:36

Description

Vulnerability Description

RM SafetyNet Plus contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'u' variable upon submission to the snpfiltered.pl script. This could allow an attacker to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/cgi-local/snpfiltered.pl?t=c&u=[XSS]
http://[victim]/cgi-local/snpfiltered.pl?t=c&u=<noframes>">[XSS]<a%20"
http://[victim]/cgi-local/snpfiltered.pl?t=c&u=">[XSS]<a%20"
http://[victim]/cgi-local/snpfiltered.pl?t=f00b4r&u=[XSS]
http://[victim]/cgi-local/snpfiltered.pl?t=c&u=">[XSS]<noframes>

References:

Vendor URL: http://www.rm.com/Secondary/Products/Product.asp?cref=PD1610
Vendor URL: http://www.rm.com/
Other Advisory URL: http://www.snkenjoi.com/secadv/secadv2.txt