Re: Blue Coat xss

To: jplopezy@xxxxxxxxx
Subject: Re: Blue Coat xss
From: Hugo van der Kooij <hvdkooij@xxxxxxxxxxxxxxx>
Date: Tue, 23 Sep 2008 07:26:38 +0200
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20080921123714.31757.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Openpgp: id=58F19981; url=http://hugo.vanderkooij.org/0x58F19981.asc
Organization: Familie van der Kooij
References: <20080921123714.31757.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.16 (X11/20080723)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jplopezy@xxxxxxxxx wrote:
> There is a security issue in the blue coat.
> The problem lies in the "Web Filter", which lets you execute an XSS.
> This only affects the Internet Explorer browser. "
> 
> as a result, could jump the antivirus scan or make spoofing.
> 
> POC
> 
> http://www.example.com/file.exe?<script>(1)</script>

I am afraid you need to clarify yourself a bit further. What policy are
you using? What resource(s) besides a ProxySG are you using? (You
mention Webfilter and antivirus.) What versions of SGOS did you test?

In short. Write a report that is clear and not too ambigious to be taken
seriously

Hugo.

- --
hvdkooij@xxxxxxxxxxxxxxx               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

        A: Yes.
        >Q: Are you sure?
        >>A: Because it reverses the logical flow of conversation.
        >>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFI2H4KBvzDRVjxmYERAmOgAKCyqXv/3s0bFBEFTKvhQ6QFi0hCZwCeLiBD
6FKJxRIGrMITOJZcl+LyeUk=
=GR9o
-----END PGP SIGNATURE-----

References:
- Blue Coat xss
  - From: jplopezy

Prev by Date: Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues
Next by Date: Re: Aruba Mobility Controller Shared Default Certificate - Response from Aruba Networks
Previous by thread: Blue Coat xss
Next by thread: Re: Blue Coat xss
Index(es):
- Date
- Thread