[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
LiveZilla 188.8.131.52 Multiple Stored XSS in webbased operator client
Author: Jakub Zoczek [zoczus@xxxxxxxxx]
CVE Reference: CVE-2013-7032
Vendor: LiveZilla GmbH [http://livezilla.net]
Affected version: 184.108.40.206
CVSSv2 Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
LiveZilla, the widely-used and trusted Live Help and Live Support System.
0x03 Proof of Concept
- File Names - this issue is really similar to CVE-2013-7003. LiveZilla fixed it by escaping displayed file name when customer want send it to operator. Unfortunately it is unescaped after succesful upload.
- Also - after upload LiveZilla creates 'resources' with those files. Filenames are escaped properly there, but names of customers don't. We can use simple, widely-known XSS payloads to exploit this vulnerability.
Vulnerability was fixed in LiveZilla 220.127.116.11 version.
08.12.2013 - Vendor notified
09.12.2013 - Vendor responded with informations about planned release
10.12.2013 - Version 18.104.22.168 released
15.12.2013 - Public Disclosure