Lucene search
K

IBM Virtual Security Operations Center (VSOC) Cross Site Scripting Vulnerability

🗓️ 02 Apr 2018 00:00:00Reported by Kushal JaisinghType 
zdt
 zdt
🔗 0day.today👁 23 Views

IBM Virtual Security Operations Center (VSOC) Cross Site Scripting Vulnerability in Ticketing Porta

Code
# Exploit Title: IBM Virtual Security Operations Center (VSOC) - Cross Site Scripting (XSS)
# Date: August 2, 2018
# Portal Link: https://portal.sec.ibm.com
# Exploit Author: Kushal Jaisingh
# Contact: https://ca.linkedin.com/in/kushaljaisingh
# Category: WebApps, XSS

1. Description

Below are the steps to reproduce the reflected cross site scripting (XSS) vulnerability found in IBM's Virtual Security Operations Center (VSOC) ticketing portal. IBM and clients use the VSOC portal to open tickets related to IBM's security related service offerings such as QRadar and other security appliances.

2. Proof of Concept

Steps to reproduce XSS alert popup:

1.) Goto https://portal.sec.ibm.com
2.) Login
3.) Once logged, locate the search box in the top right hand corner of the page labelled "Search Portal"
4.) Paste the following XSS payload into the search box: '});alert(1);//
5.) Hit enter on your keyboard to search, once the page loads you will be alerted with a XSS window.

3. Explanation:

I noticed search queries were being reflected inside the script tag. So in my XSS payload I began by completing the syntax for the query argument using a single quote followed by a curly bracket. Next, I completed the syntax for the function the query variable fed into using a right parenthesis. Finally, I ended the previous instruction with a semicolon and injected my own JavaScript instruction alert(1); which created the XSS window. I also included a double slash at the end commenting out anything else coming after on the line.

4. Solution:

Never trust any user provided inputs. Always sanitize user provided inputs to prevent cross site scripting.

#  0day.today [2018-04-09]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Apr 2018 00:00Current
7.4High risk
Vulners AI Score7.4
23