[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability
- To: Vulnerability Lab <research@xxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Date: Wed, 28 Nov 2012 11:40:52 -0800
On Nov 27, 2012, at 5:52 PM, Vulnerability Lab <research@xxxxxxxxxxxxxxxxxxxxx>
wrote:
> Proof of Concept:
> =================
> The software validation vulnerability can be exploited by local attackers
> with required user interaction and privileged local system account.
> For demonstration or reproduce ...
>
> PoC: Script Code Inject
> "<h1>VL Tester</h1>
> “<iframe src=http://vuln-lab.com>>
> "<iframe src=vuln-lab.com onload=alert("VLab") <>
> "<script>alert(document.cookie)</script><div style="1
>
>
> Solution:
> =========
> The vulnerability can be patched by parsing the search string input field and
> result output (listing) web context.
>
>
> Risk:
> =====
> The security risk of the remote command execution vulnerability is estimated
> as high(+).
Given the required user interaction and privileged local system account and
other operational dependancies, by what means did you estimate a "high" risk?
I guess the basic question would be "how do you even classify this as a risk"
in the first place. Do you have some system of calculating risk or is it just
a "gut feeling" type classification?
t
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/