|
=========================================
Yaniv Miron aka "Lament" Advisory March 12, 2010
Aris AGX agXchange ESM Open Redirection Vulnerability
=========================================
=====================
I. BACKGROUND
=====================
E2B safety submissions module.
When it comes to the electronic submission of safety data using the E2B format,
meeting the often complicated and complex requirements from different regulatory
agencies=97EMEA, MHLW, FDA and other NCAs=97can be a challenge that consumes
vast amounts of time, effort and resources.
http://www.arisglobal.com/products/agxchange_esm.php
=====================
II. DESCRIPTION
=====================
A malicious attacker may redirect users from the agXchange ESM module in the Aris AGX application.
=====================
III. ANALYSIS
=====================
Exploitation of this vulnerability results in the redirection of users using a malicious link.
=====================
IV. EXPLOIT
=====================
http://www.example.com/[agx_application]/pages/ucschcancelproc.jsp?returnpage=http://www.RedirectExample.com
=====================
V. DISCLOSURE TIMELINE
=====================
Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
March 2010 Public Disclosure
=====================
VI. CREDIT
=====================
Yaniv Miron aka "Lament".
lament@ilhack.org