Search...

BarackObama Online Service - Persistent Web Vulnerability

2011-09-11T00:00:00

ID VULNERLAB:270
Type vulnerlab
Reporter Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve)
Modified 2011-09-11T00:00:00

Description

                                        
                                            Document Title:
===============
BarackObama Online Service - Persistent Web Vulnerability


References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=270
http://www.acunetix.com/blog/news/obama-email-servers-hacked-xss/


Release Date:
=============
2011-09-11


Vulnerability Laboratory ID (VL-ID):
====================================
270


Common Vulnerability Scoring System:
====================================
5.7


Abstract Advisory Information:
==============================
Vulnerability-Lab Team discovered persistent Web Vulnerability on BarackObamas official website service.


Vulnerability Disclosure Timeline:
==================================
2011-08-30:	Vendor Notification
2011-09-19:	Vendor Response/Feedback
2011-**-**:	Vendor Fix/Patch
2011-09-12:	Public or Non-Public Disclosure


Discovery Status:
=================
Published


Affected Product(s):
====================

Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Technical Details & Description:
================================
A persistent high(-) priority Input Validation vulnerability is detected on BarackObamas official website service.
Attacker can form malicious requests which pass through the backend (not parsed!) & can be displayed as outgoing 
info@barakobama.com mail. Attackers can hijack(steal) backend sessions of the portal users/admins & can send malicious 
mails by the original postbox.


Vulnerable Module(s):
						[+] Signup Volunteer 2012 - BackEnd; Username;Mail & Video

Affected by Bug(s):
						[+] Mail/Website output & multiple other website modules with the same user value output


Pictures:
						../1.png


Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers. For demonstration or reproduce ...

Reproduce  manually ...
Register on the volunteer form on the website with username & mail as [Script Code] tags
When the malicious content wents through the backend the script code gets executed out of the website content or mail.



PoC Review: *.eml

Delivered-To: x01445@gmail.com
Received: by 10.147.33.19 with SMTP id l19cs9469yaj;
        Sat, 3 Sep 2011 11:23:12 -0700 (PDT)
Received: by 10.229.37.78 with SMTP id w14mr1772614qcd.204.1315074191466;
        Sat, 03 Sep 2011 11:23:11 -0700 (PDT)
Return-Path: &lt;CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA@bounce.bluestatedigital.com&gt;
Received: from mta-inap13.bluestatedigital.com (mta-inap13.bluestatedigital.com [66.151.230.244])
        by mx.google.com with ESMTP id n5si747729qcv.4.2011.09.03.11.23.11;
        Sat, 03 Sep 2011 11:23:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA@bounce.bluestatedigital.com designates 66.151.230.244 as permitted sender) client-ip=66.151.230.244;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA@bounce.bluestatedigital.com designates 66.151.230.244 as permitted sender) smtp.mail=CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA@bounce.bluestatedigital.com; dkim=pass header.i=@barackobama.com
Received: by mta-inap13.bluestatedigital.com (Postfix, from userid 506)
	id 41A7CBE2C352; Sat,  3 Sep 2011 14:23:11 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=barackobama.com;
	s=ofakey; t=1315074191;
	bh=QHKCl0j8Cp0Mc3aZfKmyPjI9KjZ2eY5HJc9RIhBgTxM=;
	h=Date:To:From:Reply-to:Subject:Message-ID:List-Unsubscribe:
	 MIME-Version:Content-Type;
	b=c5oaAHYcTLcRj3uDwXviO+GYmWfF6tqYGPy4qHbz7aWZTsMd6hCUrbeK/tmkOJeww
	 smvMW58wICsrzvLmziVdTETeSgFkxufSe5xCNH7EwuXC4C1zgpAHxs292kmZb8IDC4
	 UVDVKe5QN1g94HWU82RH8SgB2fsmagCrdxCbgCP8=
Received: from maillist-o 
	by bounce.bluestatedigital.com with local (PHPMailer);
	Sat, 3 Sep 2011 14:23:11 -0400
Date: Sat, 3 Sep 2011 14:23:11 -0400
To: Rem0ve rmhaggi &lt;x01445@gmail.com&gt;
From: "Jeremy Bird, BarackObama.com" &lt;info@barackobama.com&gt;
Reply-to: info@barackobama.com
Subject: Can you organize in &gt;"&lt;iframe src=http://vulnerability-lab.com width=800 height=800&gt;?
Message-ID: &lt;a42628342e2e608822984f3303027815@bounce.bluestatedigital.com&gt;
X-Priority: 3
X-Mailer: PHPMailer [version 1.71-blue_mailer]
X-maillist-id: 5074ffc4540e9163
X-maillist-guid: CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA
List-Unsubscribe: &lt;http://my.barackobama.com/unsubscribe?email=x01445@gmail.com&gt;
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_a42628342e2e608822984f3303027815"


--b1_a42628342e2e608822984f3303027815
Content-Type: text/plain; charset = "iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Friend --

A couple weeks ago, President Obama sat down for lunch with=20
six of the campaign's summer organizers to thank them for their=20
work and share some of the lessons he learned when he was a=20
first-time community organizer himself.

He made the time because organizing is at the heart of this=20
movement. It's how we're building our operation from the ground=20
up over the next 14 months.

As we pause this weekend to celebrate the working men and=20
women in our country who fought for the right to organize, it's=20
worth taking a few minutes to listen to what the President had to=20
say -- and think about how we'll organize this campaign in the=20
months to come.

Check out this video from the President's lunch to hear him speak=20
in his own words about what it means to organize. Then will you=20
sign up to be a volunteer for 2012 in &gt;"&lt;iframe =
src=3Dhttp://vulnerability-lab.com width=3D800 height=3D800&gt;?

Yes, I'll sign up to volunteer:

http://my.barackobama.com/Labor-Day-Volunteer6

Not right now, but I'll chip in $5 to help build the campaign:

https://donate.barackobama.com/Labor-Day-Vol-Donate2

Labor Day has added significance in the political calendar -- it's seen=20
as the moment when the race for the Republican nomination will=20
really heat up.

That means we need to be prepared for even more false attacks=20
on the President's record as our prospective opponents try to build=20
their own campaigns.

But we'll win this election the same way we won the last one: through=20
people stepping up locally, taking the lead in the communities they=20
know best.

Some supporters will dedicate months to this campaign, while others=20
will pop in for a few volunteer shifts here and there. Any time and=20
expertise you can share helps grow this organization -- and brings=20
people together to make our country greater.

That's a strategy our prospective opponents won't follow.

Watch the video, then sign up to volunteer in your community:

http://my.barackobama.com/Labor-Day-Volunteer6

Our job from now until November 2012 is to keep working to bring=20
more people into the political process. And that begins and ends with=20
organizing.

Hope you have a great Labor Day weekend.

Jeremy

Jeremy Bird
National Field Director
Obama for America


---------
This campaign isn't funded by Washington lobbyists or corporate =
interests.=20
We rely on donations from people like you. You should donate today:

https://donate.barackobama.com/Labor-Day-Vol-Donate2

---------------------------------------------------------------------
Paid for by Obama for America

Contributions or gifts to Obama for America are not tax deductible.

This email was sent to: x01445@gmail.com
To update your address, go to: =
http://www.barackobama.com/change-address?email=3Dx01445@gmail.com
To unsubscribe, go to: http://my.barackobama.com/unsubscription


--b1_a42628342e2e608822984f3303027815
Content-Type: text/html; charset = "iso-8859-1"
Content-Transfer-Encoding: quoted-printable

&lt;!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" =
"http://www.w3.org/TR/REC-html40/loose.dtd"&gt;
&lt;html =
xmlns=3D"http://www.w3.org/1999/xhtml"&gt;&lt;head&gt;&lt;title&gt;&lt;/title&gt;&lt;/head&gt;&lt;body&gt;
	   &lt;style type=3D"text/css"&gt;
	       a { color:#0270a0; }
	       @media only screen and (max-device-width: 480px) {
	           .hide-img {display: none;}
	       }
	   &lt;/style&gt;&lt;table width=3D"100%" align=3D"center" cellpadding=3D"0" =
cellspacing=3D"0" style=3D"padding-top:10px;"&gt;&lt;tr&gt;&lt;td align=3D"center"&gt;
	           =20
	                   &lt;img src=3D"http://do9a31swnqi1j.cloudfront.net/images=
/email-wrapper/header_logo.jpg" alt=3D"2012" width=3D"135" height=3D"58" =
border=3D"0" style=3D"display:block; border:none; outline:none;"&gt;&lt;/td&gt;
	       &lt;/tr&gt;&lt;tr&gt;&lt;td style=3D"font-family:arial, helvetica, sans-serif; =
font-size:12px; color:#333333; padding-top:20px; padding-bottom:20px; =
line-height:1.4;"&gt;
                   =20
Friend --&lt;br&gt;&lt;br&gt;

A couple weeks ago, President Obama sat down for lunch with six of the =
campaign's summer organizers to thank them for their work and share some =
of the lessons he learned when he was a first-time community organizer =
himself.&lt;br&gt;&lt;br&gt;

He made the time because organizing is at the heart of this movement. It's =
how we're building our operation from the ground up over the next 14 =
months.&lt;br&gt;&lt;br&gt;

As we pause this weekend to celebrate the working men and women in our =
country who fought for the right to organize, it's worth taking a few =
minutes to listen to what the President had to say -- and think about how =
we'll organize this campaign in the months to come.&lt;br&gt;&lt;br&gt;&lt;strong&gt;Check =
out this video from the President's lunch to hear him speak in his own =
words about what it means to organize.&lt;/strong&gt; Then will you sign up to =
be a volunteer for 2012 in &gt;"&lt;iframe src=3Dhttp://vulnerability-lab.com =
width=3D800 height=3D800&gt;?&lt;br&gt;&lt;br&gt;&lt;center&gt;&lt;a href=3D"http://my.barackobama=
.com/page/m/55c11861/6c7a71b4/10bb41480/11890d1c/2677721858/VEsH/p/eyJKU1Z=
GVFVGSlRDVWwiOiJ4MDE0NDVAZ21haWwuY29tIiwiSlNWYVNWQWxKUT09IjoiMzUyMzQiLCJKU=
1ZHU1ZKVFZFNUJUVVVsSlE9PSI6IlJlbTB2ZSIsIkpTVk1RVk5VVGtGTlJTVWwiOiJybWhhZ2d=
pIn0=3D/"&gt;&lt;img src=3D"http://assets.bostatic.com/images/email/campaigns/o2=
012_video_thumbnail_lunch.jpg" alt=3D"Video: President Obama on =
organizing" width=3D"325" height=3D"200 =
border=3D"&gt;&lt;/a&gt;&lt;/center&gt;&lt;br&gt;&lt;br&gt;&lt;strong&gt;&lt;u&gt;&lt;a href=3D"http://my.barackobam=
a.com/page/m/55c11861/6c7a71b4/10bb41480/11890d1c/2677721858/VEsE/p/eyJKU1=
ZGVFVGSlRDVWwiOiJ4MDE0NDVAZ21haWwuY29tIiwiSlNWYVNWQWxKUT09IjoiMzUyMzQiLCJK=
U1ZHU1ZKVFZFNUJUVVVsSlE9PSI6IlJlbTB2ZSIsIkpTVk1RVk5VVGtGTlJTVWwiOiJybWhhZ2=
dpIn0=3D/"&gt;Yes, I'll sign up to volunteer.&lt;/a&gt;&lt;/u&gt;&lt;br&gt;&lt;br&gt;&lt;u&gt;&lt;a =
href=3D"http://my.barackobama.com/page/m/55c11861/6c7a71b4/10bb41480/11891=
018/2677721858/VEsF/p/eyJKU1ZEVlZOVVQwMWZSRUZVUVZORlZGdHpiSFZuUFdadmJHUmxj=
bDlrWVhSaGMyVjBMR3RsZVQxbWIyeGtaWEpmYUdGemFGMGxKUT09IjoiIiwiSlNWRFZWTlVUMD=
FmUkVGVVFWTkZWRnR6YkhWblBXWnBiR1ZmWkdGMFlYTmxkQ3hyWlhrOVptbHNaVjlvWVhOb1hT=
VWwiOiIifQ=3D=3D/"&gt;Not right now, but I'll chip in $5 to help build the =
campaign.&lt;/a&gt;&lt;/u&gt;&lt;/strong&gt;&lt;br&gt;&lt;br&gt;

Labor Day has added significance in the political calendar -- it's seen as =
the moment when the race for the Republican nomination will really heat =
up.&lt;br&gt;&lt;br&gt;

That means we need to be prepared for even more false attacks on the =
President's record as our prospective opponents try to build their own =
campaigns.&lt;br&gt;&lt;br&gt;

But we'll win this election the same way we won the last one: through =
people stepping up locally, taking the lead in the communities they know =
best.&lt;br&gt;&lt;br&gt;

Some supporters will dedicate months to this campaign, while others will =
pop in for a few volunteer shifts here and there. Any time and expertise =
you can share helps grow this organization -- and brings people together =
to make our country greater.&lt;br&gt;&lt;br&gt;

That's a strategy our prospective opponents won't follow.&lt;br&gt;&lt;br&gt;

Watch the video, then sign up to volunteer in your =
community:&lt;br&gt;&lt;br&gt;&lt;strong&gt;&lt;a href=3D"http://my.barackobama.com/page/m/55c1=
1861/6c7a71b4/10bb41480/11890d1c/2677721858/VEsC/p/eyJKU1ZGVFVGSlRDVWwiOiJ=
4MDE0NDVAZ21haWwuY29tIiwiSlNWYVNWQWxKUT09IjoiMzUyMzQiLCJKU1ZHU1ZKVFZFNUJUV=
VVsSlE9PSI6IlJlbTB2ZSIsIkpTVk1RVk5VVGtGTlJTVWwiOiJybWhhZ2dpIn0=3D/"&gt;http:/=
/my.barackobama.com/Labor-Day-Volunteer&lt;/a&gt;&lt;/strong&gt;&lt;br&gt;&lt;br&gt;

Our job from now until November 2012 is to keep working to bring more =
people into the political process. And that begins and ends with =
organizing.&lt;br&gt;&lt;br&gt;

Hope you have a great Labor Day weekend.&lt;br&gt;&lt;br&gt;

Jeremy&lt;br&gt;&lt;br&gt;

Jeremy Bird&lt;br&gt;
National Field Director&lt;br&gt;
Obama for America&lt;br&gt;&lt;br&gt;&lt;br&gt;

-----------&lt;br&gt;&lt;strong&gt;This campaign isn't funded by Washington lobbyists =
or corporate interests.&lt;/strong&gt; We rely on donations from people like =
you. &lt;strong&gt;&lt;u&gt;&lt;a href=3D"http://my.barackobama.com/page/m/55c11861/6c7a7=
1b4/10bb41480/11891018/2677721858/VEsD/p/eyJKU1ZEVlZOVVQwMWZSRUZVUVZORlZGd=
HpiSFZuUFdadmJHUmxjbDlrWVhSaGMyVjBMR3RsZVQxbWIyeGtaWEpmYUdGemFGMGxKUT09Ijo=
iIiwiSlNWRFZWTlVUMDFmUkVGVVFWTkZWRnR6YkhWblBXWnBiR1ZmWkdGMFlYTmxkQ3hyWlhrO=
VptbHNaVjlvWVhOb1hTVWwiOiIifQ=3D=3D/"&gt;You should donate =
today.&lt;/a&gt;&lt;/u&gt;&lt;/strong&gt;&lt;br&gt;&lt;br&gt;&lt;/td&gt;
	       &lt;/tr&gt;&lt;tr&gt;&lt;td align=3D"center"&gt;

	               &lt;img src=3D"http://do9a31swnqi1j.cloudfront.net/images/ema=
il-wrapper/paidfor.png" alt=3D"Paid for by Obama for America"&gt;&lt;/td&gt;
	       &lt;/tr&gt;&lt;tr&gt;&lt;td align=3D"center"&gt;
	               &lt;p style=3D"font-size:10px; color:#555555; =
margin-top:10px; margin-bottom:0px; font-family:arial, helvetica, =
sans-serif;"&gt;Contributions or gifts to Obama for America are not tax =
deductible.&lt;/p&gt;
	             =20
	           &lt;/td&gt;
	       &lt;/tr&gt;&lt;tr&gt;&lt;td align=3D"center"&gt;
	               &lt;p style=3D"font-size:10px; color:#555555; =
margin-top:10px; margin-bottom:0px; font-family:arial, helvetica, =
sans-serif;"&gt;This email was sent to: &lt;b&gt;x01445@gmail.com&lt;/b&gt;&lt;/p&gt;
	               &lt;p style=3D"font-size:10px; color:#555555; margin-top:2px; =
font-family:arial, helvetica, sans-serif;"&gt;
	                   &lt;a href=3D"http://my.barackobama.com/page/m/55c11861/6=
c7a71b4/10bb41480/11890d1e/2677721858/VEsA/p/eyJKU1ZGVFVGSlRDVWwiOiJ4MDE0N=
DVAZ21haWwuY29tIn0=3D/"&gt;Update address&lt;/a&gt; | &lt;a href=3D"http://my.barackob=
ama.com/page/m/55c11861/6c7a71b4/10bb41480/11890d19/2677721858/VEsB/"&gt;Unsu=
bscribe&lt;/a&gt;

	               &lt;/p&gt;
	           &lt;/td&gt;
	       &lt;/tr&gt;&lt;/table&gt;&lt;img src=3D"http://my.barackobama.com/page/o/55c11861=
/6c7a71b4/10bb41480/11890d18/2677721858/open.gif" width=3D"22" =
height=3D"1"&gt;&lt;/body&gt;&lt;/html&gt;
--b1_a42628342e2e608822984f3303027815--



NOTE:
The reproduce you can use the testers profile with the name & mail.


Solution - Fix & Patch:
=======================
Restrict/Parse the username + mail input fields. (Backend;Frontend). To prevent against implemented strings from ago(2010/2011) you 
can patch/fix the bound output sections were username or mail data is displayed.


Security Risk:
==============
The security risk of the persistent vulnerability is estimated as high(-).


Credits & Authors:
==================
Vulnerability Research Laboratory -   Benjamin Kunz Mejri (Rem0ve)


Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, 
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some 
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation 
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases 
or trade with fraud/stolen material.

Domains:    www.vulnerability-lab.com   	- www.vuln-lab.com			       - www.vulnerability-lab.com/register
Contact:    admin@vulnerability-lab.com 	- support@vulnerability-lab.com 	       - research@vulnerability-lab.com
Section:    video.vulnerability-lab.com 	- forum.vulnerability-lab.com 		       - news.vulnerability-lab.com
Social:	    twitter.com/#!/vuln_lab 		- facebook.com/VulnerabilityLab 	       - youtube.com/user/vulnerability0lab
Feeds:	    vulnerability-lab.com/rss/rss.php	- vulnerability-lab.com/rss/rss_upcoming.php   - vulnerability-lab.com/rss/rss_news.php

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. 
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other 
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and 
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), 
modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission.

    				   	Copyright © 2012 | Vulnerability Laboratory

JSON Vulners Source

Initial Source

{"href": "http://www.vulnerability-lab.com/get_content.php?id=270", "history": [], "sourceData": "Document Title:\r\n===============\r\nBarackObama Online Service - Persistent Web Vulnerability\r\n\r\n\r\nReferences (Source):\r\n====================\r\nhttp://www.vulnerability-lab.com/get_content.php?id=270\r\nhttp://www.acunetix.com/blog/news/obama-email-servers-hacked-xss/\r\n\r\n\r\nRelease Date:\r\n=============\r\n2011-09-11\r\n\r\n\r\nVulnerability Laboratory ID (VL-ID):\r\n====================================\r\n270\r\n\r\n\r\nCommon Vulnerability Scoring System:\r\n====================================\r\n5.7\r\n\r\n\r\nAbstract Advisory Information:\r\n==============================\r\nVulnerability-Lab Team discovered persistent Web Vulnerability on BarackObamas official website service.\r\n\r\n\r\nVulnerability Disclosure Timeline:\r\n==================================\r\n2011-08-30:\tVendor Notification\r\n2011-09-19:\tVendor Response/Feedback\r\n2011-**-**:\tVendor Fix/Patch\r\n2011-09-12:\tPublic or Non-Public Disclosure\r\n\r\n\r\nDiscovery Status:\r\n=================\r\nPublished\r\n\r\n\r\nAffected Product(s):\r\n====================\r\n\r\nExploitation Technique:\r\n=======================\r\nRemote\r\n\r\n\r\nSeverity Level:\r\n===============\r\nHigh\r\n\r\n\r\nTechnical Details & Description:\r\n================================\r\nA persistent high(-) priority Input Validation vulnerability is detected on BarackObamas official website service.\r\nAttacker can form malicious requests which pass through the backend (not parsed!) & can be displayed as outgoing \r\ninfo@barakobama.com mail. Attackers can hijack(steal) backend sessions of the portal users/admins & can send malicious \r\nmails by the original postbox.\r\n\r\n\r\nVulnerable Module(s):\r\n\t\t\t\t\t\t[+] Signup Volunteer 2012 - BackEnd; Username;Mail & Video\r\n\r\nAffected by Bug(s):\r\n\t\t\t\t\t\t[+] Mail/Website output & multiple other website modules with the same user value output\r\n\r\n\r\nPictures:\r\n\t\t\t\t\t\t../1.png\r\n\r\n\r\nProof of Concept (PoC):\r\n=======================\r\nThe vulnerability can be exploited by remote attackers. For demonstration or reproduce ...\r\n\r\nReproduce manually ...\r\nRegister on the volunteer form on the website with username & mail as [Script Code] tags\r\nWhen the malicious content wents through the backend the script code gets executed out of the website content or mail.\r\n\r\n\r\n\r\nPoC Review: *.eml\r\n\r\nDelivered-To: x01445@gmail.com\r\nReceived: by 10.147.33.19 with SMTP id l19cs9469yaj;\r\n Sat, 3 Sep 2011 11:23:12 -0700 (PDT)\r\nReceived: by 10.229.37.78 with SMTP id w14mr1772614qcd.204.1315074191466;\r\n Sat, 03 Sep 2011 11:23:11 -0700 (PDT)\r\nReturn-Path: <CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA@bounce.bluestatedigital.com>\r\nReceived: from mta-inap13.bluestatedigital.com (mta-inap13.bluestatedigital.com [66.151.230.244])\r\n by mx.google.com with ESMTP id n5si747729qcv.4.2011.09.03.11.23.11;\r\n Sat, 03 Sep 2011 11:23:11 -0700 (PDT)\r\nReceived-SPF: pass (google.com: domain of CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA@bounce.bluestatedigital.com designates 66.151.230.244 as permitted sender) client-ip=66.151.230.244;\r\nAuthentication-Results: mx.google.com; spf=pass (google.com: domain of CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA@bounce.bluestatedigital.com designates 66.151.230.244 as permitted sender) smtp.mail=CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA@bounce.bluestatedigital.com; dkim=pass header.i=@barackobama.com\r\nReceived: by mta-inap13.bluestatedigital.com (Postfix, from userid 506)\r\n\tid 41A7CBE2C352; Sat, 3 Sep 2011 14:23:11 -0400 (EDT)\r\nDKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=barackobama.com;\r\n\ts=ofakey; t=1315074191;\r\n\tbh=QHKCl0j8Cp0Mc3aZfKmyPjI9KjZ2eY5HJc9RIhBgTxM=;\r\n\th=Date:To:From:Reply-to:Subject:Message-ID:List-Unsubscribe:\r\n\t MIME-Version:Content-Type;\r\n\tb=c5oaAHYcTLcRj3uDwXviO+GYmWfF6tqYGPy4qHbz7aWZTsMd6hCUrbeK/tmkOJeww\r\n\t smvMW58wICsrzvLmziVdTETeSgFkxufSe5xCNH7EwuXC4C1zgpAHxs292kmZb8IDC4\r\n\t UVDVKe5QN1g94HWU82RH8SgB2fsmagCrdxCbgCP8=\r\nReceived: from maillist-o \r\n\tby bounce.bluestatedigital.com with local (PHPMailer);\r\n\tSat, 3 Sep 2011 14:23:11 -0400\r\nDate: Sat, 3 Sep 2011 14:23:11 -0400\r\nTo: Rem0ve rmhaggi <x01445@gmail.com>\r\nFrom: \"Jeremy Bird, BarackObama.com\" <info@barackobama.com>\r\nReply-to: info@barackobama.com\r\nSubject: Can you organize in >\"<iframe src=http://vulnerability-lab.com width=800 height=800>?\r\nMessage-ID: <a42628342e2e608822984f3303027815@bounce.bluestatedigital.com>\r\nX-Priority: 3\r\nX-Mailer: PHPMailer [version 1.71-blue_mailer]\r\nX-maillist-id: 5074ffc4540e9163\r\nX-maillist-guid: CgdXWAJtUwRSB1ZTUlEGVVNcCQMCBA\r\nList-Unsubscribe: <http://my.barackobama.com/unsubscribe?email=x01445@gmail.com>\r\nMIME-Version: 1.0\r\nContent-Type: multipart/alternative;\r\n\tboundary=\"b1_a42628342e2e608822984f3303027815\"\r\n\r\n\r\n--b1_a42628342e2e608822984f3303027815\r\nContent-Type: text/plain; charset = \"iso-8859-1\"\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\nFriend --\r\n\r\nA couple weeks ago, President Obama sat down for lunch with=20\r\nsix of the campaign's summer organizers to thank them for their=20\r\nwork and share some of the lessons he learned when he was a=20\r\nfirst-time community organizer himself.\r\n\r\nHe made the time because organizing is at the heart of this=20\r\nmovement. It's how we're building our operation from the ground=20\r\nup over the next 14 months.\r\n\r\nAs we pause this weekend to celebrate the working men and=20\r\nwomen in our country who fought for the right to organize, it's=20\r\nworth taking a few minutes to listen to what the President had to=20\r\nsay -- and think about how we'll organize this campaign in the=20\r\nmonths to come.\r\n\r\nCheck out this video from the President's lunch to hear him speak=20\r\nin his own words about what it means to organize. Then will you=20\r\nsign up to be a volunteer for 2012 in >\"<iframe =\r\nsrc=3Dhttp://vulnerability-lab.com width=3D800 height=3D800>?\r\n\r\nYes, I'll sign up to volunteer:\r\n\r\nhttp://my.barackobama.com/Labor-Day-Volunteer6\r\n\r\nNot right now, but I'll chip in $5 to help build the campaign:\r\n\r\nhttps://donate.barackobama.com/Labor-Day-Vol-Donate2\r\n\r\nLabor Day has added significance in the political calendar -- it's seen=20\r\nas the moment when the race for the Republican nomination will=20\r\nreally heat up.\r\n\r\nThat means we need to be prepared for even more false attacks=20\r\non the President's record as our prospective opponents try to build=20\r\ntheir own campaigns.\r\n\r\nBut we'll win this election the same way we won the last one: through=20\r\npeople stepping up locally, taking the lead in the communities they=20\r\nknow best.\r\n\r\nSome supporters will dedicate months to this campaign, while others=20\r\nwill pop in for a few volunteer shifts here and there. Any time and=20\r\nexpertise you can share helps grow this organization -- and brings=20\r\npeople together to make our country greater.\r\n\r\nThat's a strategy our prospective opponents won't follow.\r\n\r\nWatch the video, then sign up to volunteer in your community:\r\n\r\nhttp://my.barackobama.com/Labor-Day-Volunteer6\r\n\r\nOur job from now until November 2012 is to keep working to bring=20\r\nmore people into the political process. And that begins and ends with=20\r\norganizing.\r\n\r\nHope you have a great Labor Day weekend.\r\n\r\nJeremy\r\n\r\nJeremy Bird\r\nNational Field Director\r\nObama for America\r\n\r\n\r\n---------\r\nThis campaign isn't funded by Washington lobbyists or corporate =\r\ninterests.=20\r\nWe rely on donations from people like you. You should donate today:\r\n\r\nhttps://donate.barackobama.com/Labor-Day-Vol-Donate2\r\n\r\n---------------------------------------------------------------------\r\nPaid for by Obama for America\r\n\r\nContributions or gifts to Obama for America are not tax deductible.\r\n\r\nThis email was sent to: x01445@gmail.com\r\nTo update your address, go to: =\r\nhttp://www.barackobama.com/change-address?email=3Dx01445@gmail.com\r\nTo unsubscribe, go to: http://my.barackobama.com/unsubscription\r\n\r\n\r\n--b1_a42628342e2e608822984f3303027815\r\nContent-Type: text/html; charset = \"iso-8859-1\"\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" =\r\n\"http://www.w3.org/TR/REC-html40/loose.dtd\">\r\n<html =\r\nxmlns=3D\"http://www.w3.org/1999/xhtml\"><head><title></title></head><body>\r\n\t <style type=3D\"text/css\">\r\n\t a { color:#0270a0; }\r\n\t @media only screen and (max-device-width: 480px) {\r\n\t .hide-img {display: none;}\r\n\t }\r\n\t </style><table width=3D\"100%\" align=3D\"center\" cellpadding=3D\"0\" =\r\ncellspacing=3D\"0\" style=3D\"padding-top:10px;\"><tr><td align=3D\"center\">\r\n\t =20\r\n\t <img src=3D\"http://do9a31swnqi1j.cloudfront.net/images=\r\n/email-wrapper/header_logo.jpg\" alt=3D\"2012\" width=3D\"135\" height=3D\"58\" =\r\nborder=3D\"0\" style=3D\"display:block; border:none; outline:none;\"></td>\r\n\t </tr><tr><td style=3D\"font-family:arial, helvetica, sans-serif; =\r\nfont-size:12px; color:#333333; padding-top:20px; padding-bottom:20px; =\r\nline-height:1.4;\">\r\n =20\r\nFriend -- \r\n\r\nA couple weeks ago, President Obama sat down for lunch with six of the =\r\ncampaign's summer organizers to thank them for their work and share some =\r\nof the lessons he learned when he was a first-time community organizer =\r\nhimself. \r\n\r\nHe made the time because organizing is at the heart of this movement. It's =\r\nhow we're building our operation from the ground up over the next 14 =\r\nmonths. \r\n\r\nAs we pause this weekend to celebrate the working men and women in our =\r\ncountry who fought for the right to organize, it's worth taking a few =\r\nminutes to listen to what the President had to say -- and think about how =\r\nwe'll organize this campaign in the months to come. Check =\r\nout this video from the President's lunch to hear him speak in his own =\r\nwords about what it means to organize. Then will you sign up to =\r\nbe a volunteer for 2012 in >\"<iframe src=3Dhttp://vulnerability-lab.com =\r\nwidth=3D800 height=3D800>? <center><a href=3D\"http://my.barackobama=\r\n.com/page/m/55c11861/6c7a71b4/10bb41480/11890d1c/2677721858/VEsH/p/eyJKU1Z=\r\nGVFVGSlRDVWwiOiJ4MDE0NDVAZ21haWwuY29tIiwiSlNWYVNWQWxKUT09IjoiMzUyMzQiLCJKU=\r\n1ZHU1ZKVFZFNUJUVVVsSlE9PSI6IlJlbTB2ZSIsIkpTVk1RVk5VVGtGTlJTVWwiOiJybWhhZ2d=\r\npIn0=3D/\"><img src=3D\"http://assets.bostatic.com/images/email/campaigns/o2=\r\n012_video_thumbnail_lunch.jpg\" alt=3D\"Video: President Obama on =\r\norganizing\" width=3D\"325\" height=3D\"200 =\r\nborder=3D\"></a></center> <a href=3D\"http://my.barackobam=\r\na.com/page/m/55c11861/6c7a71b4/10bb41480/11890d1c/2677721858/VEsE/p/eyJKU1=\r\nZGVFVGSlRDVWwiOiJ4MDE0NDVAZ21haWwuY29tIiwiSlNWYVNWQWxKUT09IjoiMzUyMzQiLCJK=\r\nU1ZHU1ZKVFZFNUJUVVVsSlE9PSI6IlJlbTB2ZSIsIkpTVk1RVk5VVGtGTlJTVWwiOiJybWhhZ2=\r\ndpIn0=3D/\">Yes, I'll sign up to volunteer.</a> <a =\r\nhref=3D\"http://my.barackobama.com/page/m/55c11861/6c7a71b4/10bb41480/11891=\r\n018/2677721858/VEsF/p/eyJKU1ZEVlZOVVQwMWZSRUZVUVZORlZGdHpiSFZuUFdadmJHUmxj=\r\nbDlrWVhSaGMyVjBMR3RsZVQxbWIyeGtaWEpmYUdGemFGMGxKUT09IjoiIiwiSlNWRFZWTlVUMD=\r\nFmUkVGVVFWTkZWRnR6YkhWblBXWnBiR1ZmWkdGMFlYTmxkQ3hyWlhrOVptbHNaVjlvWVhOb1hT=\r\nVWwiOiIifQ=3D=3D/\">Not right now, but I'll chip in $5 to help build the =\r\ncampaign.</a> \r\n\r\nLabor Day has added significance in the political calendar -- it's seen as =\r\nthe moment when the race for the Republican nomination will really heat =\r\nup. \r\n\r\nThat means we need to be prepared for even more false attacks on the =\r\nPresident's record as our prospective opponents try to build their own =\r\ncampaigns. \r\n\r\nBut we'll win this election the same way we won the last one: through =\r\npeople stepping up locally, taking the lead in the communities they know =\r\nbest. \r\n\r\nSome supporters will dedicate months to this campaign, while others will =\r\npop in for a few volunteer shifts here and there. Any time and expertise =\r\nyou can share helps grow this organization -- and brings people together =\r\nto make our country greater. \r\n\r\nThat's a strategy our prospective opponents won't follow. \r\n\r\nWatch the video, then sign up to volunteer in your =\r\ncommunity: <a href=3D\"http://my.barackobama.com/page/m/55c1=\r\n1861/6c7a71b4/10bb41480/11890d1c/2677721858/VEsC/p/eyJKU1ZGVFVGSlRDVWwiOiJ=\r\n4MDE0NDVAZ21haWwuY29tIiwiSlNWYVNWQWxKUT09IjoiMzUyMzQiLCJKU1ZHU1ZKVFZFNUJUV=\r\nVVsSlE9PSI6IlJlbTB2ZSIsIkpTVk1RVk5VVGtGTlJTVWwiOiJybWhhZ2dpIn0=3D/\">http:/=\r\n/my.barackobama.com/Labor-Day-Volunteer</a> \r\n\r\nOur job from now until November 2012 is to keep working to bring more =\r\npeople into the political process. And that begins and ends with =\r\norganizing. \r\n\r\nHope you have a great Labor Day weekend. \r\n\r\nJeremy \r\n\r\nJeremy Bird \r\nNational Field Director \r\nObama for America \r\n\r\n----------- This campaign isn't funded by Washington lobbyists =\r\nor corporate interests. We rely on donations from people like =\r\nyou. <a href=3D\"http://my.barackobama.com/page/m/55c11861/6c7a7=\r\n1b4/10bb41480/11891018/2677721858/VEsD/p/eyJKU1ZEVlZOVVQwMWZSRUZVUVZORlZGd=\r\nHpiSFZuUFdadmJHUmxjbDlrWVhSaGMyVjBMR3RsZVQxbWIyeGtaWEpmYUdGemFGMGxKUT09Ijo=\r\niIiwiSlNWRFZWTlVUMDFmUkVGVVFWTkZWRnR6YkhWblBXWnBiR1ZmWkdGMFlYTmxkQ3hyWlhrO=\r\nVptbHNaVjlvWVhOb1hTVWwiOiIifQ=3D=3D/\">You should donate =\r\ntoday.</a> </td>\r\n\t </tr><tr><td align=3D\"center\">\r\n\r\n\t <img src=3D\"http://do9a31swnqi1j.cloudfront.net/images/ema=\r\nil-wrapper/paidfor.png\" alt=3D\"Paid for by Obama for America\"></td>\r\n\t </tr><tr><td align=3D\"center\">\r\n\t Contributions or gifts to Obama for America are not tax =\r\ndeductible.\r\n\t =20\r\n\t </td>\r\n\t </tr><tr><td align=3D\"center\">\r\n\t This email was sent to: x01445@gmail.com\r\n\t \r\n\t <a href=3D\"http://my.barackobama.com/page/m/55c11861/6=\r\nc7a71b4/10bb41480/11890d1e/2677721858/VEsA/p/eyJKU1ZGVFVGSlRDVWwiOiJ4MDE0N=\r\nDVAZ21haWwuY29tIn0=3D/\">Update address</a> | <a href=3D\"http://my.barackob=\r\nama.com/page/m/55c11861/6c7a71b4/10bb41480/11890d19/2677721858/VEsB/\">Unsu=\r\nbscribe</a>\r\n\r\n\t \r\n\t </td>\r\n\t </tr></table><img src=3D\"http://my.barackobama.com/page/o/55c11861=\r\n/6c7a71b4/10bb41480/11890d18/2677721858/open.gif\" width=3D\"22\" =\r\nheight=3D\"1\"></body></html>\r\n--b1_a42628342e2e608822984f3303027815--\r\n\r\n\r\n\r\nNOTE:\r\nThe reproduce you can use the testers profile with the name & mail.\r\n\r\n\r\nSolution - Fix & Patch:\r\n=======================\r\nRestrict/Parse the username + mail input fields. (Backend;Frontend). To prevent against implemented strings from ago(2010/2011) you \r\ncan patch/fix the bound output sections were username or mail data is displayed.\r\n\r\n\r\nSecurity Risk:\r\n==============\r\nThe security risk of the persistent vulnerability is estimated as high(-).\r\n\r\n\r\nCredits & Authors:\r\n==================\r\nVulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve)\r\n\r\n\r\nDisclaimer & Information:\r\n=========================\r\nThe information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, \r\neither expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-\r\nLab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business \r\nprofits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some \r\nstates do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation \r\nmay not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases \r\nor trade with fraud/stolen material.\r\n\r\nDomains: www.vulnerability-lab.com \t- www.vuln-lab.com\t\t\t - www.vulnerability-lab.com/register\r\nContact: admin@vulnerability-lab.com \t- support@vulnerability-lab.com \t - research@vulnerability-lab.com\r\nSection: video.vulnerability-lab.com \t- forum.vulnerability-lab.com \t\t - news.vulnerability-lab.com\r\nSocial:\t twitter.com/#!/vuln_lab \t\t- facebook.com/VulnerabilityLab \t - youtube.com/user/vulnerability0lab\r\nFeeds:\t vulnerability-lab.com/rss/rss.php\t- vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php\r\n\r\nAny modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. \r\nPermission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other \r\nmedia, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and \r\nother information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), \r\nmodify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission.\r\n\r\n \t\t\t\t \tCopyright \u00a9 2012 | Vulnerability Laboratory\r\n\r\n\r\n\r\n", "bulletinFamily": "exploit", "modified": "2011-09-11T00:00:00", "title": "BarackObama Online Service - Persistent Web Vulnerability", "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "description": "", "viewCount": 5, "published": "2011-09-11T00:00:00", "edition": 1, "hash": "c980265b4a39d5efa8c54434ae89c9933a9c12a01598bebbd8a13d496bb4dc5a", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "855e308101b61e3f6a551d3721db5914"}, {"key": "modified", "hash": "b1e510f95804cde6623303713473024b"}, {"key": "published", "hash": "b1e510f95804cde6623303713473024b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "48350405bf0d8e70b580af494ce1ed1c"}, {"key": "sourceData", "hash": "4982ebe8115f599b1d6f4a1a3b837081"}, {"key": "title", "hash": "be4dca959862f93220d45c132199192b"}, {"key": "type", "hash": "c51e07649f7fd47199f456897e9390ca"}], "id": "VULNERLAB:270", "type": "vulnerlab", "lastseen": "2018-03-01T19:13:58", "reporter": "Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve)", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2018-03-01T19:13:58"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "references": []}