ARISg5 (Version 5.0) Cross Site Scripting Vulnerability

2010-03-02T00:00:00
ID SECURITYVULNS:DOC:23308
Type securityvulns
Reporter Securityvulns
Modified 2010-03-02T00:00:00

Description

=========================================
Yaniv Miron aka "Lament" Advisory
Feb 24, 2010
ARISg5 (Version 5.0) Cross Site Scripting Vulnerability
=========================================

==========================================================================================
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron aka "Lament"
Exploit:

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message<script>alert('Malicious XSS Code')</script>

Yaniv Miron aka "Lament". lament@ilhack.org
==========================================================================================

===================== I. BACKGROUND =====================

ARISg™ - Adverse Drug Event Reporting pharmacovigilance and safety

ARISg is the world's leading pharmacovigilance and clinical safety system for good reason, with more than 300 life-sciences companies maintaining their critical safety data in ARISg worldwide.

http://www.arisglobal.com/products/arisg.php

===================== II. DESCRIPTION =====================

  1. A malicious attacker may inject scripts into the "errmsg" parameter in the ARISg5 (Version 5.0) application.

  2. A malicious attacker may inject his own error message using the "errmsg" parameter and create a phishing attack using the ARISg5 (Version 5.0) application.

===================== III. ANALYSIS =====================

  1. Exploitation of this vulnerability results in the execution of arbitrary script code in the browser of a user who opens a malicious link.

  2. Exploitation of this vulnerability results in creation of a phishing page using the original ARISg5 (Version 5.0) application error page.

===================== IV. EXPLOIT =====================

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message<script>alert('Malicious XSS Code')</script>
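One way to close both issues described above, as an added example (not ARISg code and not from the advisory's author): the "errmsg" parameter only selects a fixed server-side message instead of supplying its text, and anything that must still be echoed is HTML-encoded. The class name, message codes and message texts are hypothetical.

```java
import java.util.Map;

// Added illustration, not ARISg code. Class name, codes and texts are hypothetical.
public class LoginErrorMessage {

    // Fixed server-side messages keyed by a short code. A request can only
    // select one of these; it can never supply the text shown to the user,
    // which removes the phishing-message vector as well as the script vector.
    private static final Map<String, String> MESSAGES = Map.of(
        "badcreds", "Invalid user name or password.",
        "expired",  "Your session has expired. Please log in again.",
        "locked",   "This account is locked. Contact your administrator.");

    private static final String DEFAULT_MESSAGE = "Login failed.";

    // Resolve the errmsg request parameter to display text.
    public static String resolve(String errmsgParam) {
        if (errmsgParam == null || errmsgParam.isEmpty()) {
            return "";
        }
        // Unknown values, including markup, fall back to a fixed string.
        return MESSAGES.getOrDefault(errmsgParam, DEFAULT_MESSAGE);
    }

    // HTML-encode text for element content or a quoted attribute value.
    // Use this for any request-derived value that has to be echoed.
    public static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input modelled on the errmsg value in the advisory.
        String hostile = "Phishing Error Message<script>alert('Malicious XSS Code')</script>";
        System.out.println(resolve(hostile));     // not a known code: fixed default text
        System.out.println(resolve("expired"));   // known code: its fixed message
        System.out.println(escapeHtml(hostile));  // markup is encoded, not interpreted
    }
}
```

In a JSP the same effect for echoed values comes from rendering through JSTL's `<c:out>` rather than a raw `<%= ... %>` expression.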

===================== V. DISCLOSURE TIMELINE =====================

Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
Feb 2010 Vendor Notification (Before Disclosure)
Feb 2010 Public Disclosure

===================== VI. CREDIT =====================

Yaniv Miron aka "Lament". lament@ilhack.org