I. VULNERABILITY -------------------------
Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8 II. BACKGROUND ------------------------- WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the businesses they power. III. DESCRIPTION ------------------------- Has been detected a Reflected XSS vulnerability in XTM WatchGuard. The code injection is done through the parameter "poll_name" in the page "/firewall/policy?pol_name=(HERE XSS)" IV. PROOF OF CONCEPT ------------------------- The application does not validate the parameter "poll_name" correctly. https://10.200.210.100:8080/firewall/policy?pol_name=qqq";><body onload=alert(document.cookie)>&service=Any&is_new=1 V. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user's browser, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser allowing Cookie Theft/Session Hijacking, thus enabling full access the box. VI. SYSTEMS AFFECTED ------------------------- Tested WatchGuard XTM Version: 11.8 (Build 432340) VII. SOLUTION ------------------------- All data received by the application and can be modified by the user, before making any kind of transaction with them must be validated VIII. References ------------------------- http://www.kb.cert.org/vuls/id/807134 http://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw/ By William Costa william.co...@gmail.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
