A blog by Dhiraj Datar

HTTP Host header attacks against web proxy disclaimer response webpage Summary The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position (i.e. able to modify the HTTP requests of the potential victim before they reach the web proxy), or poisons a web cache used by the potential victim. In the latter attack scenario, the tainted disclaimer web page being cached, the XSS attack can be considered as persistent. Impact Persistent Cross-site Scripting (XSS) CVE ID CVE-2017-14190 Affected Products FortiOS 5.6.0 to 5.6.2 FortiOS 5.4.0 to 5.4.7 FortiOS 5.2 and lower versions. Solutions FortiOS 5.6 branch: Upgrade to 5.6.3 FortiOS 5.4 branch: Upgrade to 5.4.8 For...

It has been discovered that TYPO3 CMS is vulnerable to SQL injection. Component Type: TYPO3 CMS Subcomponent: Query Generator (ext:lowlevel) Release Date: December 17, 2019 Vulnerability Type: SQL Injection Affected Versions: 8.0.0-8.7.29 and 9.0.0-9.5.11 and 10.0.0-10.2.0 Severity: Medium Suggested CVSS v3.1:   AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C CVE:   CVE-2019-19850 Problem Description Failing to properly escape user submitted content, class QueryGenerator is vulnerable to SQL injection. Having system extension ext:lowlevel installed and a valid backend user having administrator privileges are required to exploit this vulnerability. Solution Update to TYPO3 versions 8.7.30 or 9.5.12 or 10.2.2 that fix the problem described. Credits Thanks to Dhiraj Shrikant Datar ( Zacco CyberSecurity Research Labs ) who reported this issue and to TYPO3 framework merger Frank Nägler  who fixed the issue. General Advice Follo...

Description Stored XSS vulnerability in tool names exploitable by administrators SECURITY-624 Jenkins administrators can configure tools, such as JDK, Maven, or Ant, that will be available in job configurations for use by build scripts. Some tool names are not properly escaped on job configuration forms, resulting in a stored cross-site scripting vulnerability. Tools confirmed to be affected are: JDK (provided by Jenkins core) Ant (provided by Ant plugin) Others may also be affected by this. This vulnerability can only be exploited by Jenkins administrators, as they’re the only ones able to define tools. In regular Jenkins configurations, administrators are able to run any code and install any plugin. Therefore this vulnerability only really affects installations that don’t grant administrators the Run Scripts, Configure Update Sites, and/or Install Plugins permissions. As of publication of this advisory, there is no fix. The Jenkins pro...