travisbgreen (5)

Last Login: April 21, 2020

Assessments

Score

travisbgreen's Latest (2) Contributions

Sort by:

Filter by:

travisbgreen assessed Unknown iOS Mail.App RCE ZecOps

April 24, 2020 4:56pm UTC (4 years ago)•Edited 4 years ago

Ratings

Common in enterprise Easy to weaponize Gives privileged access Unauthenticated Vulnerable in default configuration

Technical Analysis

https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/

travisbgreen assessed CVE-2018-19131

April 21, 2020 10:49pm UTC (4 years ago)•Edited 4 years ago

Ratings

Attacker Value

Very Low

Exploitability

Very Low

Authenticated Difficult to weaponize No useful access

Technical Analysis

Bottom line: The commonName property of the certificate that signs the “failed to connect securely” error page within Squid gets rendered as HTML on the client/victim side.

In order to successfully exploit this XSS one would need to write a malicious .pem file in the location specified by squid.conf or modify squid.conf to point to an existing malicious .pem file.

If I had root level access to the filesystem on a squid box, serving a XSS from the error page would not be as useful as any number of other things that could be done. Similarly story if you MITM the victim.

PoC @ https://github.com/JonathanWilbur/CVE-2018-19131

This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.

travisbgreen (5)

Last Login: April 21, 2020

travisbgreen's Latest (2) Contributions

Ratings

Technical Analysis

Ratings

Technical Analysis

Quick Cookie Notification