July 31, 2016 lawrenceamer

Europ CERT- Hall of Fame


Europ CERT has released a Hall of Fame program to handle issues reported by security researchers.
Lawrence Amer reported a cross-site scripting vulnerability to the Europ CERT security team and received a confirmation response via email, with his name included in the Hall of Fame.

After the fix was confirmed, a description of the vulnerability is disclosed on the security researcher's official site for discussion.

Vulnerability Description :
=================================

The security issue allows remote attackers to inject their own malicious script code into the application side of the vulnerable service module.
The vulnerability is located in the module "/scripts/wa-enisa.exe" on the affected domain "lists.enisa.europa.eu". The vulnerable parameter is "A0", which allows a remote attacker to execute an XSS payload.

Vulnerable Request 
==================
[+] GET 

Vulnerable module
======================
[+] /scripts/wa-enisa.exe

Vulnerable parameter
=======================
[+] A0

Proof of concept:

An attacker can reproduce the issue by using the following URL:
https://lists.enisa.europa.eu/scripts/wa-enisa.exe?A0=%../%27%3E%3Ciframe%20src=http://vulnerability-lab.com%3E


Vulnerability State : Patched 
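
The `%27%3E` at the start of the payload suggests that A0 was written into a quoted HTML attribute without encoding. The following is an added example, not code from the original post or from the affected application: it assumes a single-quoted `href` reflection (hypothetical template) and a hypothetical allowlist for list names, and shows how output encoding and input validation stop the attribute break-out.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# A0 value copied from the proof-of-concept URL on this page (percent-encoded).
POC_A0 = "%../%27%3E%3Ciframe%20src=http://vulnerability-lab.com%3E"
# Assumption: A0 is meant to carry a short list name; this allowlist is hypothetical.
LIST_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Assumption: the value is reflected into a single-quoted href (hypothetical template).
TEMPLATE = "<a href='/scripts/wa-enisa.exe?A0=%s'>archive</a>"

def render_vulnerable(a0: str) -> str:
    """Reflect A0 with no encoding: a quote in A0 ends the attribute."""
    return TEMPLATE % a0

def render_encoded(a0: str) -> str:
    """Encode for the HTML attribute context; quote=True also escapes ' and "."""
    return TEMPLATE % html.escape(a0, quote=True)

def render_hardened(a0: str) -> str:
    """Allowlist first, then encode anyway as defence in depth."""
    if not LIST_NAME.fullmatch(a0):
        a0 = ""  # drop anything that is not a plain list name
    return render_encoded(a0)

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def start_tags(markup: str) -> list:
    """Return the element start tags an HTML parser sees in the markup."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    for render in (render_vulnerable, render_encoded, render_hardened):
        print(render.__name__, start_tags(render(unquote(POC_A0))))
```

Only the unencoded rendering yields a second element in the parsed output; in the encoded and allowlisted renderings the value stays inside the attribute.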






Lawrence Amer | CPTE , CEH