Vulnerability-Laboratory Research Team discovered persistent and client side POST Injection web vulnerability in the nCircle PureCloud (cloud-based) Vulnerability Scanner Application.
The vulnerability allows an attacker to inject own malicious script code in the vulnerable module on application side.
Benjamin K.M. from Vulnerability-Laboratory provide more technical details about these flaws, the first vulnerability is located in the Scan Now > Scan Type > Perimeter Scan > Scan section when processing to request via the `Scan Specific Devices - [Add Devices]` module and the bound vulnerable formErrorContent exception-handling application parameters.
The persistent injected script code will be executed out of the `invalid networks` web application exception-handling. To bypass the standard validation of the application filter the attacker need to provoke the specific invalid networks exception-handling error.
In the second step the attacker splits the request of the invalid filter context to execute after it the not parsed malicious script code. The vulnerability can be exploited on client side via force manipulated link as malicious request with medium user interaction but also via server side by a post injection in the later affected add server listing module.
The second vulnerability is bound to the first issue and located in the IP & Name output listing of the scan index after processing to add a network/server/ip. The code will be executed out of the main IP & name listing after an evil inject via add module. To bypass the IP restriction filter it is required to split the request like in the first issue with a valid IP.
The vulnerability can be exploited with privileged application user account and low or medium required user interaction. Successful exploitation of the vulnerability result in persistent/non-persistent session hijacking, persistent/non-persistent phishing, external redirect, external malware loads and persistent/non-persistent vulnerable module context manipulation.
nCircle patches these vulnerabilities on researchers report, readers can try this cloud based vulnerability scanner here.
About the author