Monday, July 21, 2014

MyConnection Server (MCS) Reflective XSS

Author: 1N3
Vender Website:
Affected Product: MyConnection Server
Affected Version: 9.7i (others may also be vulnerable)

MyConnection Server (MCS) delivers a broad range of support managed automated and user initiated self-help connection testing and monitoring services directly via the browser to any online customer/location anywhere in the world. Due to a failure to sanitize certain GET variables passed to the connection test page (usually test.php), it is possible to inject client side javascript to run in the context of the user browsing the website. Several parameters including testtype, ver, cm, map, lines, duration and others appear to be vulnerable.



* Both voiplines and testlength are written to the end user without being properly sanitized and thus vulnerable to reflective XSS.

<td valign="top" width="30%"><b>Current
          <b>VoIP Lines Simulated</b>:
          <script type="text/javascript"> document.write(voiplines); </script><br>
          <b>Test Length</b>:
          <script type="text/javascript"> document.write(testlength); </script><br>
          <script type="text/javascript"> if (codec == "g711") { document.write(nameg711); }
    else { document.write(nameg729); }
          <td align="left" width="70%">
          <p align="center">

No comments:

Post a Comment