Skip to content

Instantly share code, notes, and snippets.

@erud1te-sec
Created August 6, 2021 16:25
Show Gist options
  • Save erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91 to your computer and use it in GitHub Desktop.
Save erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91 to your computer and use it in GitHub Desktop.
Vulnerability Name: Reflected Cross Site Scripting in LeoStream Connection Broker
Registered: TBD
Discoverers:
Scott Goodwin
Vendor of Product:
LeoStream
Affected Product Code Base:
LeoStream Connection Broker 9.0.3 <= 9.0.34.3
Attack Type:
Remote
Vulnerability Type:
Unauthenticated Reflected Cross Site Scripting
Vulnerability Impact:
Arbitrary JavaScript Execution
Attack Vector:
By submitting JavaScript within the "user" parameter of a GET request to the /index.pl endpoint of LeoStream Connection Broker (login page), it is possible to gain arbitrary JavaScript execution within the context of a the user's browser.
Description:
If an attacker can convince a user to click a malicious link designed to exploit the XSS vulnerability, it is possible to execute code within that users browser. If the user convinced to click the maliicous link is authenticated, it is possible to gain unauthorized access to the LeoStream application.
PoC:
https://examplesite/index.pl?user="><script>alert("Cross%20Site%20Scripting!")</script>
Additional Information:
This vulnerability exists in end of life software, and was patched in version 9.0.34.3, which is also end of life. Customers are advised to upgraded to a supported version of LeoStream Connection Broker.
Reporting Timeline:
07/07/2021: Vulnerability was reported to LeoStream
07/07/2021: LeoStream notes that 9.0.34.x and earlier are EOL and that this issue was fixed in 9.0.34.3
08/06/2021: Public disclosure
Reference:
https://dgccpa.com
https://leostream.com
https://www.leostream.com/resources-2/product-lifecycle/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment