
Aris AGX agXchange ESM Open Redirection Vulnerability



=========================================
Yaniv Miron aka "Lament" Advisory March 12, 2010
Aris AGX agXchange ESM Open Redirection Vulnerability
=========================================

=====================
I. BACKGROUND
=====================

E2B safety submissions module.

When it comes to the electronic submission of safety data using the E2B format,
meeting the often complicated and complex requirements from different regulatory
agencies (EMEA, MHLW, FDA and other NCAs) can be a challenge that consumes
vast amounts of time, effort and resources.

http://www.arisglobal.com/products/agxchange_esm.php


=====================
II. DESCRIPTION
=====================

An attacker may redirect users of the agXchange ESM module in the Aris AGX application to an external site of the attacker's choosing.

=====================
III. ANALYSIS
=====================

Exploitation requires a user to follow a malicious link; the user is then redirected to the destination supplied in that link.

=====================
IV. EXPLOIT
=====================

http://www.example.com/[agx_application]/pages/ucschcancelproc.jsp?returnpage=http://www.RedirectExample.com
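A server-side check that would refuse the external returnpage value shown above, as an added example (not code from the vendor or from the advisory author). It assumes returnpage is only ever meant to name a page inside the application; the class name, method names and the DEFAULT_PAGE fallback are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not vendor code: accept a redirect target only when it is a
// path inside the application, otherwise fall back to a fixed page.
public final class ReturnPageValidator {

    // Assumption: hypothetical fallback page, not a path taken from the product.
    static final String DEFAULT_PAGE = "/pages/home.jsp";

    /** Returns value if it is a safe local path, otherwise DEFAULT_PAGE. */
    public static String safeReturnPage(String value) {
        return isLocalPath(value) ? value : DEFAULT_PAGE;
    }

    static boolean isLocalPath(String value) {
        if (value == null || value.isEmpty() || value.length() > 512) return false;
        // Must start with exactly one '/': "//host" and "/\host" are treated by
        // browsers as scheme-relative URLs and would leave the site.
        if (value.charAt(0) != '/') return false;
        if (value.length() > 1 && (value.charAt(1) == '/' || value.charAt(1) == '\\')) return false;
        // No backslashes or control characters anywhere (CR/LF would allow
        // header splitting; backslashes are normalised to '/' by browsers).
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) return false;
        }
        try {
            URI u = new URI(value);
            // After parsing, a local path has neither scheme nor authority.
            return u.getScheme() == null && u.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false; // malformed input is never redirected to
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second is the value from the advisory.
        String[] samples = {
            "/pages/schedule.jsp?id=7",
            "http://www.RedirectExample.com",
            "//www.RedirectExample.com"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeReturnPage(s));
        }
    }
}
```

In a JSP or servlet the result would be passed to response.sendRedirect() after prefixing request.getContextPath(), so the destination always stays within the application.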

=====================
V. DISCLOSURE TIMELINE
=====================

Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
March 2010 Public Disclosure

=====================
VI. CREDIT
=====================

Yaniv Miron aka "Lament".
lament@ilhack.org 
