Document Title: =============== Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability References (Source): ==================== http://ift.tt/2oxkT6g Release Date: ============= 2017-03-29 Vulnerability Laboratory ID (VL-ID): ==================================== 2046 Common Vulnerability Scoring System: ==================================== 2.2 Vulnerability Class: ==================== Cross Site Scripting - Persistent Product & Service Introduction: =============================== Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is multi-platform, supporting all major operating systems (MS Windows, Mac OS X and Linux) and distributed via portable packages which allow for instant deployment. (Copy of the Homepage: http://ift.tt/R3geaU ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a persistent cross site scripting vulnerability in the official Arachni v1.5-0.5.11 security scanner framework. Vulnerability Disclosure Timeline: ================================== 2017-03-29: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Tasos Laskos Product: Arachni - Security scanner framework. 1.5-0.5.11 Exploitation Technique: ======================= Remote Severity Level: =============== Low Technical Details & Description: ================================ A persistent cross site scripting vulnerability has been discovered in the official Arachni v1.5-0.5.11 security scanner framework. The vulnerability allows remote attackers to inject own malicious script codes on the application-side of the vulnerable service. The Target URL field which is available when configuring a scan is vulnerable to cross site scripting. As scans can be shared and viewed by other users including the admin account, it is possible to execute the cross site scripting under another users context. The request method to inject is POST and the attack vector is located on the application-side of the service application. The remote attacker requires a low privilege user account to inject the malicious code that executes finally in the scan on admin preview. The security risk of the cross site web vulnerability is estimated as low with a common vulnerability scoring system count of 2.2. Exploitation of the persistent cross site web vulnerability requires a low privilege user account and only low user interaction. Successful exploitation of the vulnerability results in persistent phishing attacks, persistent external redirect to malicious sources and persistent manipulation of affected or connected web module context. Request Method(s): [+] POST Vulnerable Module(s): [+] Scans Proof of Concept (PoC): ======================= The cross site scripting vulnerability can be exploited by remote attackers with low privilege web-application user account with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Click to Scans 2. Click to New 3. Add the target url field type like ... Note: http://192.168.184.133/">4. Start the scan and a popup appears after a few seconds 5. Now login as admin and preview the already resolved scans 6. Successful reproduce of the cross site scripting vulnerability!
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment