Tuesday, Jun 01 2010

Using XSS to switch off dotDefender 4.0

AppliCure's dotDefender version 4.0 had a security flaw in the log viewing feature of the administrative interface. We just published an advisory for this vulnerability. Here's the interesting part:

"The log viewer facility in dotDefender does not properly htmlencode user supplied input. This leads to a cross site scripting vulnerability when the log viewer displays HTTP headers."


The following video shows how an attacker can make use of cross site scripting to get the system administrator to automatically switch off dotDefender. This effectively disables the WAF, leaving the web application exposed to any attacks that said WAF was supposed to protect against.

Advisory: ES-20100601

Video demo: http://vimeo.com/12132622



FAQ

But doesn't the attacker need to reach the administrator interface?

Nope - it's the administrator's authenticated web browser that disables the WAF, driven by the injected JavaScript. Therefore the attacker just needs to reach the website protected by the WAF.
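To make the advisory's point and the FAQ answer concrete, here is a minimal log viewer that writes recorded HTTP headers into the admin page without encoding, next to the same viewer with proper HTML encoding applied. This is added illustration code, not dotDefender's or EnableSecurity's; the log entry and its header values are constructed.

```python
import html

# Constructed sample log record, shaped like what a log viewer might store.
# The header values come straight from the client, so an attacker controls them.
SAMPLE_ENTRY = {
    "client": "203.0.113.7",
    "request": "GET /index.php?id=1 HTTP/1.1",
    "headers": {
        "Host": "www.example.com",
        "User-Agent": 'Mozilla/5.0 <script>alert("xss")</script>',
        "Referer": 'http://evil.example/" onmouseover="alert(1)',
    },
}


def render_entry_vulnerable(entry):
    """Log viewer that drops header values into HTML exactly as received.
    Whatever markup the client sent runs in the administrator's browser."""
    rows = "".join(
        "<tr><td>%s</td><td>%s</td></tr>" % (name, value)
        for name, value in entry["headers"].items()
    )
    return "<h2>%s %s</h2><table>%s</table>" % (entry["client"], entry["request"], rows)


def esc(value):
    """HTML-encode one user-supplied value. quote=True also encodes quotes so
    the value cannot break out of an attribute either."""
    return html.escape(str(value), quote=True)


def render_entry_safe(entry):
    """Same viewer, but every user-supplied value is HTML-encoded first."""
    rows = "".join(
        "<tr><td>%s</td><td>%s</td></tr>" % (esc(name), esc(value))
        for name, value in entry["headers"].items()
    )
    return "<h2>%s %s</h2><table>%s</table>" % (esc(entry["client"]), esc(entry["request"]), rows)


def looks_unencoded(rendered):
    """Crude comparison check: does the output still carry a raw script tag
    or an unescaped quote that closes an attribute?"""
    return "<script" in rendered.lower() or 'onmouseover="' in rendered


if __name__ == "__main__":
    print("vulnerable viewer leaks markup:", looks_unencoded(render_entry_vulnerable(SAMPLE_ENTRY)))
    print("encoded viewer leaks markup:   ", looks_unencoded(render_entry_safe(SAMPLE_ENTRY)))
```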


Reader Comments (1)

[...] in the log viewer facility of the dotDefender admin interface.  Watch the video below for a more in depth explanation of the attack.  From the below video one can also learn and understand the importance of having secure web [...]
