Vulnerability Development mailing list archives
Re: Sonicwall SOHO Content Blocking Script Injection, LogFile Denial of Service
From: "JNJ" <jnj () pobox com>
Date: Sat, 18 May 2002 17:16:23 -0400
I am not in the practice of posting exploits to publicly accessible lists nor do I share them with the irresponsible.

James

----- Original Message -----
From: "E M" <rdnktrk () hotmail com>
To: <jnj () pobox com>; <bugtraq () securityfocus com>
Cc: <vuln-dev () securityfocus com>
Sent: Friday, May 17, 2002 10:31 PM
Subject: Re: Sonicwall SOHO Content Blocking Script Injection, LogFile Denial of Service

Yes Sonicwall was contacted. I am working with them to resolve this issue.

>Although you so determinedly state this is exploitable internally
>only, it presents not only a busy-work issue for admins but obviously
>CAN be reworked to an externally initiated instance by anyone with a
>modicum of development knowledge.

True, no argument here, but any way you look at it, the issue involves people on the LAN interface instigating the problem, if you can show how this can be done on the WAN interface without LAN interaction, I'd love to see it.

Eric M.

From: "JNJ" <jnj () pobox com>
To: <bugtraq () securityfocus com>
CC: <vuln-dev () securityfocus com>
Subject: Re: Sonicwall SOHO Content Blocking Script Injection, LogFile Denial of Service
Date: Fri, 17 May 2002 14:25:34 -0400

And did you by chance contact the Sonicwall Corporation prior to publishing this issue or did you simply rush to publish? Although you so determinedly state this is exploitable internally only, it presents not only a busy-work issue for admins but obviously CAN be reworked to an externally initiated instance by anyone with a modicum of development knowledge.

James

----- Original Message -----
From: "E M" <rdnktrk () hotmail com>
To: <bugtraq () securityfocus com>
Cc: <vuln-dev () securityfocus com>
Sent: Friday, May 17, 2002 11:55 AM
Subject: Sonicwall SOHO Content Blocking Script Injection, LogFile Denial of Service

This advisory may be reproduced unmodified.

Sonicwall SOHO Content Blocking Script Injection and Logfile DoS

Test Unit : Sonicwall SOHO3
Firmware version: 6.3.0.0
ROM version: 5.0.1.0
Severity : Medium

Issue :
Sonicwall allows administrators to block websites based on a user entered list of domains. These websites are blocked whenever they are accessed by clients on the LAN interface. By passing a blocked URL injected script the attacker may execute scripts automatically when the logfile is viewed. The below example uses a commonly blocked ad server, please note this must be in your blocked sites list and that any site that is blocked will work fine.

bannerserver.gator.com/<SCRIPT>window.location.href="http://www.offroadwarehouse.com";</SCRIPT>

This will be injected into the logfile, when an Admin attempts to view the log files they will be automatically redirected to the site of your choice. Note that any <SCRIPT> is executed, for the example I show redirection as a means of Denial of Service.

Resolution :
Only after rebooting the unit will you gain access to the logfiles, the log is cleared on each reboot, thus you will be unable to locate the user on the LAN segment who initiated the attack.

Mitigating Factors :
This attack must come from the LAN interface, which means that it is not remotely exploitable, this conclusion may be false but will be tested further.

Author : Eric McCarty
rdnktrk () hotmail com
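
The flaw class described in the advisory above, as an added example that is not part of the original thread and is not Sonicwall's code: a log viewer that copies the blocked URL into its HTML page verbatim, next to a version that encodes every field at output time, so the log stays readable and the LAN source of the request can still be identified. The log layout, the "Web site blocked" text, the addresses and all function names are constructed assumptions.

```python
import html

# Constructed sample entries (time, LAN source, requested URL); the row text is assumed.
SAMPLE_LOG = [
    ("05/17/2002 11:02:10", "192.168.168.20", "bannerserver.gator.com/ads/banner.gif"),
    ("05/17/2002 11:02:44", "192.168.168.31",
     'bannerserver.gator.com/<SCRIPT>window.location.href="http://example.invalid";</SCRIPT>'),
]


def render_row_unsafe(ts, src, url):
    """The flaw as the advisory describes it: the URL reaches the page verbatim."""
    return f"<tr><td>{ts}</td><td>{src}</td><td>Web site blocked: {url}</td></tr>"


def render_row_safe(ts, src, url, max_len=120):
    """Encode every logged field at output time and bound the displayed length."""
    # Truncate before encoding so an entity such as &lt; is never cut in half.
    shown = url if len(url) <= max_len else url[:max_len] + "..."
    cells = (ts, src, "Web site blocked: " + shown)
    return "<tr>" + "".join(f"<td>{html.escape(c, quote=True)}</td>" for c in cells) + "</tr>"


def render_log(entries, row=render_row_safe):
    """Build the log table with the chosen row renderer."""
    return "<table>\n" + "\n".join(row(*e) for e in entries) + "\n</table>"


def suspicious_sources(entries):
    """LAN hosts whose blocked requests carried HTML metacharacters."""
    return sorted({src for _, src, url in entries if any(ch in url for ch in "<>\"'")})


if __name__ == "__main__":
    print(render_log(SAMPLE_LOG, render_row_unsafe))  # script tag survives intact
    print(render_log(SAMPLE_LOG))                     # same entry rendered as inert text
    print(suspicious_sources(SAMPLE_LOG))
```

Because the safe renderer never emits the logged markup as markup, the administrator can read the entry and see which LAN address sent it without rebooting the unit and losing the log.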