SonicWALL SOHO3 Content Filter Script Injection

2002-05-17T00:00:00
ID OSVDB:4408
Type osvdb
Reporter Eric McCarty(rdnktrk@hotmail.com)
Modified 2002-05-17T00:00:00

Description

Vulnerability Description

SonicWALL SOHO3 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate blocked site URIs upon submission to the administrator logs. This could allow a user to create a specially crafted URL that would execute arbitrary code in the administrator's browser when s/he views the log, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds: 1. Unselect "Blocked Web Sites" from the "Log->Log Settings" tab. Selected sites will continue to be blocked, but no logs will be generated. 2. Disabled Active Scripting in your web browser.

Short Description

SonicWALL SOHO3 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate blocked site URIs upon submission to the administrator logs. This could allow a user to create a specially crafted URL that would execute arbitrary code in the administrator's browser when s/he views the log, leading to a loss of integrity.

Manual Testing Notes

The following URI will redirect the admin to an arbitrary site:

http://[attacker]/<SCRIPT>window.location.href="http://[arbitrary]";</SCRIPT>

References:

Vendor URL: http://www.sonicwall.com/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-05/0143.html Keyword: Firewall Bugtraq ID: 4755