A blog by Dhiraj Datar

HTTP Host header attacks against web proxy disclaimer response webpage Summary The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position (i.e. able to modify the HTTP requests of the potential victim before they reach the web proxy), or poisons a web cache used by the potential victim. In the latter attack scenario, the tainted disclaimer web page being cached, the XSS attack can be considered as persistent. Impact Persistent Cross-site Scripting (XSS) CVE ID CVE-2017-14190 Affected Products FortiOS 5.6.0 to 5.6.2 FortiOS 5.4.0 to 5.4.7 FortiOS 5.2 and lower versions. Solutions FortiOS 5.6 branch: Upgrade to 5.6.3 FortiOS 5.4 branch: Upgrade to 5.4.8 For...

It has been discovered that TYPO3 CMS is vulnerable to SQL injection. Component Type: TYPO3 CMS Subcomponent: Query Generator (ext:lowlevel) Release Date: December 17, 2019 Vulnerability Type: SQL Injection Affected Versions: 8.0.0-8.7.29 and 9.0.0-9.5.11 and 10.0.0-10.2.0 Severity: Medium Suggested CVSS v3.1:   AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C CVE:   CVE-2019-19850 Problem Description Failing to properly escape user submitted content, class QueryGenerator is vulnerable to SQL injection. Having system extension ext:lowlevel installed and a valid backend user having administrator privileges are required to exploit this vulnerability. Solution Update to TYPO3 versions 8.7.30 or 9.5.12 or 10.2.2 that fix the problem described. Credits Thanks to Dhiraj Shrikant Datar ( Zacco CyberSecurity Research Labs ) who reported this issue and to TYPO3 framework merger Frank Nägler  who fixed the issue. General Advice Follo...