
Saturday, 8 February 2014

XSS (Cross Site Scripting) Vulnerability Found in Dell.com

According to OWASP, Cross-Site Scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page.

From: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

On May 28th 2013, an XSS vulnerability on the Dell.com website was found and posted on pastebin.com.

(screenshot of the XSS on Dell)

As of now, that XSS vulnerability is fixed and can no longer be reproduced. However, on Jan 20th 2014, a security analyst by the name of Jordan Jones found the same issue on a different page of the same website and posted a screenshot of the POC on Twitter.

(the twitter post by Jordan Jones)

(the executed vulnerability)

He was kind enough to inform the Dell Security team about the vulnerability via Twitter, which led Dell to tell him whom to contact.

(Jordan Jones interaction with Dell Security)

At the same time, he also posted more information about the vulnerability on pastebin.com.

(more information about the vulnerability)

Besides the window alert screengrabbed by Jordan Jones, further script injection can be tested on the parameter. Below is another way to exploit the vulnerability: injecting an image into the parameter, which leads to this:

(image injection to the vulnerable parameter)

To date, Dell has yet to fix this vulnerability. XSS is a serious vulnerability that is rated as High or Critical by most vulnerability scanners, including Qualys and Acunetix, and a well-known company like Dell should fix this vulnerability as soon as possible.



Sunday, 30 June 2013

SSLv2 Deprecated Protocol - Validating the Findings

In this post, we will look at some tools used to analyze whether the web server is using SSL version 2.



SSLv2 Deprecated Protocol as stated by Acunetix
Ref: http://www.acunetix.com/vulnerabilities/ssl-2-0-deprecated-protoc/

Description
The remote service encrypts traffic using an old deprecated protocol with known weaknesses.

Detailed Information
The remote service accepts connections encrypted using SSL 2.0, which suffers from several cryptographic flaws and has been deprecated.

Impact
An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

Recommendation
Disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.

OWASP Testing Guide

Testing for SSL-TLS (OWASP-CM-001)


THE TOOLS 

Using Nmap on BackTrack
#nmap -sV -p 443 --script sslv2 <host>


Using SSLscan on BackTrack
#sslscan --no-failed <host>


Using Openssl on BackTrack
#openssl s_client -ssl2 -host <target> -port 443


Using SSL Audit


Using Qualys
Note: Be careful when using the online Qualys SSL checker, as the result will stay permanently in the Qualys result database and will be made publicly available.


Result of the online Qualys SSL Checker


Using Acunetix



THE SOLUTION: DISABLING SSLv2


1) Disable SSLv2 and Weak Ciphers

2) Disable SSLv2 on Windows Server 2008 (IIS 6 and 7)

3) Disable SSLv2 and Force to use SSLv3 and TLS v1 in IIS


4) Disabling Weak SSL Protocol and Ciphers in IIS

5) Disabling SSLv2 in IIS 7

6) Official M$ guide to Disable SSLv2

7) Disabling SSLv2 in IIS 7 and 7.5