PR07-29: Two XSS on Blue Coat ProxySG Management Console
Vulnerability found: 23 July 2007
Vendor informed: 20 August 2007
Vulnerability fixed: 29 October 2007
Advisory publicly released: 1 November 2007
Severity: Medium
Description:
The Blue Coat SG400 management console is vulnerable to two cross-site scripting (XSS) holes.
Vulnerable server-side script / unfiltered parameter: '/Secure/Local/console/install_upload_action/crl_format' / 'name'
Vulnerable server-side script / unfiltered parameter: '/Secure/Local/console/install_upload_from_file.htm' / 'file'
Notes:
The admin user needs to be authenticated (HTTP basic authentication) for the injected JavaScript to run.
Successfully tested on:
Model: Blue Coat SG400
Software: SGOS 4.2.1.6
Software Release ID: 25173
Proof of concept #1:
https://target:8082/Secure/Local/console/install_upload_action/crl_format?name="%00
Injected payload:
"%00
Proof of concept #2:
https://target:8082/Secure/Local/console/install_upload_from_file.htm?file=
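
Detection example (added here, not part of the original advisory or any Blue Coat code): a log check that flags requests to the two vulnerable scripts whose 'name' or 'file' parameter decodes to HTML metacharacters or a NUL byte. The Common Log Format layout, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script paths and unfiltered parameters exactly as listed in the advisory.
VULNERABLE = {
    "/Secure/Local/console/install_upload_action/crl_format": "name",
    "/Secure/Local/console/install_upload_from_file.htm": "file",
}
# Decoded characters that can break out of an HTML attribute or tag context.
# NUL is included because proof of concept #1 carries %00.
SUSPICIOUS = set("\"'<>\x00")
# Assumption: Common Log Format style request field, "GET /path?q HTTP/1.1".
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/\d\.\d"')

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Nov/2007:10:00:01 +0000] "GET /Secure/Local/console/install_upload_from_file.htm?file=crl.pem HTTP/1.1" 200 512',
    '10.0.0.5 - admin [01/Nov/2007:10:00:07 +0000] "GET /Secure/Local/console/install_upload_action/crl_format?name=%22%00%3Cx%3E HTTP/1.1" 200 640',
    '10.0.0.5 - admin [01/Nov/2007:10:00:09 +0000] "GET /Secure/Local/console/install_upload_from_file.htm?file=%3Cx%3E HTTP/1.1" 200 498',
    '10.0.0.9 - - [01/Nov/2007:10:00:12 +0000] "GET /index.html?name=%3Cx%3E HTTP/1.1" 200 100',
]


def suspicious_requests(log_lines):
    """Return (line_no, path, param, decoded_value) for requests to review."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the assumed format
        try:
            parts = urlsplit(match.group(1))
        except ValueError:
            continue  # malformed request target
        param = VULNERABLE.get(parts.path)
        if param is None:
            continue  # not one of the two scripts named in the advisory
        # parse_qsl percent-decodes, so %22, %3C and %00 are compared decoded.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == param and SUSPICIOUS & set(value):
                hits.append((line_no, parts.path, key, value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Because the note above says the admin must be authenticated for the script to run, hits that coincide with an active admin session deserve the closest review.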