
Blue Coat ProxySG Management Console XSS



Two XSS on Blue Coat ProxySG Management Console



PR07-29: Two XSS on Blue Coat ProxySG Management Console

Vulnerability found: 23 July 2007

Vendor informed: 20 August 2007

Vulnerability fixed: 29 October 2007

Advisory publicly released: 1 November 2007

Severity: Medium

Description:

The Blue Coat SG400 is vulnerable to two cross-site scripting (XSS) holes in the ProxySG Management Console.

Vulnerable server-side script / unfiltered parameter: '/Secure/Local/console/install_upload_action/crl_format' / 'name'

Vulnerable server-side script / unfiltered parameter: '/Secure/Local/console/install_upload_from_file.htm' / 'file'

Notes:

The admin user needs to be authenticated (HTTP basic authentication) for the injected JavaScript to run.


Successfully tested on:

Model: Blue Coat SG400
Software: SGOS 4.2.1.6
Software Release ID: 25173


Proof of concept #1:

https://target:8082/Secure/Local/console/install_upload_action/crl_format?name="%00

Injected payload:

"%00

Proof of concept #2:

https://target:8082/Secure/Local/console/install_upload_from_file.htm?file=
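
A defender's check for the two requests above, as an added example that is not part of the original advisory: it scans access-log lines for the two listed scripts and flags 'name' or 'file' values that carry quote, angle-bracket or NUL characters after percent-decoding. The common-log-format input, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path -> parameter the advisory lists as unfiltered.
WATCHED = {
    "/Secure/Local/console/install_upload_action/crl_format": "name",
    "/Secure/Local/console/install_upload_from_file.htm": "file",
}
# Characters with no place in a CRL or file name that can break out of an
# HTML attribute or tag once reflected (NUL included, as in PoC #1).
SUSPICIOUS = set('"\'<>\x00')
# Request line inside a common-log-format entry (assumed log layout).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def flag_request(target):
    """Return (path, param, bad_chars) for a suspicious request, else None."""
    parts = urlsplit(target)
    path = unquote(parts.path)  # catch percent-encoded variants of the path
    param = WATCHED.get(path)
    if param is None:
        return None
    # parse_qs percent-decodes values, so %22 and %00 become '"' and NUL.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        bad = sorted(SUSPICIOUS & set(value))
        if bad:
            return (path, param, bad)
    return None

def scan(log_lines):
    """Return findings for every log line whose request is flagged."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        hit = flag_request(match.group(1)) if match else None
        if hit:
            findings.append(hit)
    return findings

# Constructed sample lines, not taken from a real device or from the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Nov/2007:10:00:00 +0000] "GET /Secure/Local/console/'
    'install_upload_action/crl_format?name=%22%00%3Cb%3E HTTP/1.1" 200 512',
    '10.0.0.5 - admin [01/Nov/2007:10:00:05 +0000] "GET /Secure/Local/console/'
    'install_upload_from_file.htm?file=crl.pem HTTP/1.1" 200 734',
    '10.0.0.5 - admin [01/Nov/2007:10:00:09 +0000] "GET /Secure/Local/console/'
    'index.htm HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
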
