The Yordam Bilgi Teknolojileri team published a patch against this issue on Jan, 5th. According to the security advisory, the issue was discovered by Evgeny Bilun of the Russian Federal Security Service (FSB). The researcher reported that the Library system has an unauthenticated reflected XSS vulnerability that can be exploited by an attacker to inject malicious code into the application.
In order to exploit this issue, the attacker needs to send a specially crafted request to the vulnerable system. After receiving the request, the application will validate it and if the validation fails, the application will return a message with the error information. The message with the error information is sent to the user via the error log. However, the message with the error information is not sanitized and can be accessed by the attacker.
Vulnerability Details
This vulnerability is an unauthenticated reflected XSS vulnerability that can be exploited by an attacker to inject malicious code into the application.
In order to exploit this issue, the attacker needs to send a specially crafted request to the vulnerable system. After receiving the request, the application will validate it and if the validation fails, the application will return a message with the error information. The message with the error information is sent to the user via the error log. However, the message with the error information is not sanitized and can be accessed by the attacker.
Summary
A vulnerability has been identified by the Yordam Bilgi Teknolojileri team in their application that can be exploited by an attacker to inject malicious code into the application. The vulnerability is caused by a lack of validation when a message with error information is sent to the user via the error log.
The vulnerability is reported by Evgeny Bilun of the Russian Federal Security Service (FSB).
References:
-Yordam Bilgi Teknolojileri security advisory https://www.yiise.com/tr/bildirimler/yordam-bilgi-tekno...
-Evgeny Bilun's security advisory http://www.securityfocus.com/bid/14553
The importance of digital marketing: 6 reasons why digital marketing is important
HTTP Reflected XSS Payload Creation
The payload for this vulnerability is a request with the content of "true" or "false" which can be obtained from the logs. The payload will then be sent to the application in an HTTP POST request. In order to exploit this vulnerability, the attacker needs to have valid authentication credentials to send an HTTP request to the vulnerable system.
Timeline
Published on: 09/22/2022 09:15:00 UTC
Last modified on: 09/22/2022 19:59:00 UTC