Oliver's Blog Yet Another Needless BLOG

30.7.2012

Dr. Web Administrator Interface – Persistent Script Code Injection Vulnerability

Filed under: Advisories,linkedin — oliver.karow @ 15:23

After almost 2 years of inactivity, i will release another small advisory today. Its one of this „product-installation-takes-more-time-than-finding-the-vulnerability“ findings.

This time, the product is Dr. Web Antivirus Enterprise Server and the vulnerability is within its administration web interface.
If an attacker suplies java script code instead of a username on the login page, this script code will be automatically executed every time an administrative user is viewing the audit log. This attack can be used to steal authentication cookies or to drive further attacks.

I know, i should not spend my time with such low hanging fruits, but currently i do not have the time to dig deeper into products to search for more sophisticated vulnerabilities.

The advisory can be found here:    http://www.oliverkarow.de/research/drweb.txt

Powered by WordPress