
ARISg5 (Version 5.0) Cross Site Scripting Vulnerability






========================================
Yaniv Miron aka "Lament" Advisory Feb 24, 2010
ARISg5 (Version 5.0) Cross Site Scripting Vulnerability
========================================

=========================================================================================
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error 
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron aka "Lament"
Exploit:

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message 

Yaniv Miron aka "Lament".
lament@ilhack.org 
=========================================================================================
====================
I. BACKGROUND
====================
ARISg™ - Adverse Drug Event Reporting
pharmacovigilance and safety
ARISg is the world's leading pharmacovigilance
and clinical safety system for good reason,
with more than 300 life-sciences companies
maintaining their critical safety data in ARISg worldwide.

http://www.arisglobal.com/products/arisg.php 

====================
II. DESCRIPTION
====================
1. A malicious attacker may inject scripts into the "errmsg" parameter in the ARISg5 (Version 5.0) application.

2. A malicious attacker may inject his own error message using the "errmsg" parameter
and create a phishing attack using the ARISg5 (Version 5.0) application.

====================
III. ANALYSIS
====================
1. Exploitation of this vulnerability results in the execution of arbitrary
script code in the victim's browser by means of a malicious link.

2. Exploitation of this vulnerability results in creation of a phishing page using
the original ARISg5 (Version 5.0) application error page.
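
A server-side handling of "errmsg" that addresses both effects listed above, as an added example (not ARISg code and not from the advisory author): the parameter only selects a message from a fixed table, and the result is HTML-encoded on output. The class name, error codes and messages are hypothetical.

```java
import java.util.Map;

// Added example, not ARISg code: the error codes and messages are hypothetical.
public class LoginErrorMessage {
    // Fixed, server-side message table. The request only selects a key;
    // it never supplies the text that is rendered.
    private static final Map<String, String> MESSAGES = Map.of(
        "E_AUTH", "Invalid user name or password.",
        "E_LOCKED", "This account is locked. Contact your administrator.",
        "E_TIMEOUT", "Your session has expired. Please log in again.");
    private static final String GENERIC = "Login failed.";

    // Resolve the errmsg request parameter to a server-defined message.
    // Missing, unknown or free-text values fall back to GENERIC.
    public static String resolve(String errmsgParam) {
        if (errmsgParam == null) return GENERIC;
        return MESSAGES.getOrDefault(errmsgParam.trim(), GENERIC);
    }

    // HTML-encode for element content and quoted attribute values. Applied even
    // to the fixed messages so a later table edit cannot reintroduce markup.
    public static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // What the login page would write into its error element.
    public static String render(String errmsgParam) {
        return "<div class=\"error\">" + escapeHtml(resolve(errmsgParam)) + "</div>";
    }

    public static void main(String[] args) {
        // Constructed inputs: a known code, free text, markup, and no parameter.
        String[] samples = { "E_LOCKED", "Phishing Error Message", "<b>x</b>", null };
        for (String s : samples) System.out.println(s + " -> " + render(s));
    }
}
```

Output encoding alone stops the script injection but still lets the link author choose the wording shown on the login page; the fixed table is what removes the phishing case.
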

====================
IV. EXPLOIT
====================
http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=Phishing Error Message 

====================
V. DISCLOSURE TIMELINE
====================
Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
Feb 2010 Vendor Notification (Before Disclosure) 
Feb 2010 Public Disclosure

====================
VI. CREDIT
====================
Yaniv Miron aka "Lament".
lament@ilhack.org 
