Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports
Summary
Name: Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports
Release Date: 2 October 2013
Reference: NGS00341
Discoverer: Daniele Costa
Vendor: Symantec
CVE Reference: CVE-2013-4676
Systems Affected: Symantec Backup Exec 2012
Risk: High
Status: Published
TimeLine
Discovered: 10 July 2012
Released: 10 July 2012
Approved: 10 July 2012
Reported: 10 July 2012
Fixed: 1 August 2013
Published: 30 September 2013
Description
Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports.
I. VULNERABILITY
Symantec Backup Exec 2012 is vulnerable to stored XSS issues affecting the
custom reports. This is exploitable as an authenticated user and can be demonstrated using an XSS payload within the report footer.
II. BACKGROUND
Symantec Backup Exec 2012 is a backup solution.
III. DESCRIPTION
A stored XSS vulnerbility has been found and confirmed within the software as an authenticated user. This is the latest version of Backup Exec.
Technical Details
IV. PROOF OF CONCEPT
- Create a custom report
-
select some fields for the report and click ok to save it
-
In Reports > Footer, add the following text:
BAD #x22; #x3e; #x3c; #x73; #x63; #x72; #x69; #x70; #x74; #x3e; #
x61; #x6c; #x65; #x72; #x74; #x28; #x22; #x58; #x53; #x53; #x22;
#x29; #x3b; #x3c; #x2f; #x73; #x63; #x72; #x69; #x70; #x74; #x3e;FOOTER
- Each time the report is run the payload will be executed
Fix Information
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory pvid=security_advisory year= suid=20130801_00