Asteriskguru Queue Statistics Cross Site Scripting

`=============================================  
INTERNET SECURITY AUDITORS ALERT 2013-002  
- Original release date: January 22nd, 2013  
- Last revised: March 10th, 2013  
- Discovered by: Manuel Garcia Cardenas  
- Severity: 4,8/10 (CVSS Base Score)  
=============================================  
  
I. VULNERABILITY  
-------------------------  
Reflected XSS in Asteriskguru Queue Statistics.  
  
II. BACKGROUND  
-------------------------  
The Asteriskguru Queue Statistics, is a PHP based program, which gives  
anyone who uses queues or CDRs overview in Asterisk a deep insight in  
the quality of the service which is delivered to their customers. It  
is fully developed by the Asteriskguru developers.  
  
III. DESCRIPTION  
-------------------------  
Has been detected a reflected XSS vulnerability in Asteriskguru Queue  
Statistics , that allows the execution of arbitrary HTML/script code  
to be executed in the context of the victim user's browser.  
  
The code injection is done through the parameter warning in the page  
error.php.  
  
IV. PROOF OF CONCEPT  
-------------------------  
Malicious Request:  
http://vulnerablesite.com/public/error.php?warning=<XSS injection>  
  
Example:  
http://vulnerablesite.com/public/error.php?warning=<script>alert("XSS")</script>  
  
V. BUSINESS IMPACT  
-------------------------  
An attacker can execute arbitrary HTML or script code in a targeted  
user's browser, this can leverage to steal sensitive information as  
user credentials, personal data, etc.  
  
VI. SYSTEMS AFFECTED  
-------------------------  
All Versions of Asteriskguru Queue Statistics.  
  
VII. SOLUTION  
-------------------------  
All data received by the application and can be modified by the user,  
before making any kind of transaction with them must be validated.  
  
VIII. REFERENCES  
-------------------------  
http://www.asteriskguru.com/tools/queue_stats.php  
http://www.isecauditors.com  
  
IX. CREDITS  
-------------------------  
This vulnerability has been discovered  
by Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com).  
  
X. REVISION HISTORY  
------------------------  
January 22, 2013: Initial release  
  
XI. DISCLOSURE TIMELINE  
-------------------------  
January 22, 2013: Vulnerability acquired by  
Internet Security Auditors (www.isecauditors.com)  
January - February: Attempts to contact someone managing  
the project without answer.  
March 10, 2013: Send to lists.  
  
XII. LEGAL NOTICES  
-------------------------  
The information contained within this advisory is supplied "as-is"  
with no warranties or guarantees of fitness of use or otherwise.  
Internet Security Auditors accepts no responsibility for any damage  
caused by the use or misuse of this information.  
  
XIII. ABOUT  
-------------------------  
Internet Security Auditors is a Spain based leader in web application  
testing, network security, penetration testing, security compliance  
implementation and assessing. Our clients include some of the largest  
companies in areas such as finance, telecommunications, insurance,  
ITC, etc. We are vendor independent provider with a deep expertise  
since 2001. Our efforts in R&D include vulnerability research, open  
security project collaboration and whitepapers, presentations and  
security events participation and promotion. For further information  
regarding our security services, contact us.  
`