The innovations for the future need
secure foundations today.

With information technology now embedded in all business activities, security is an enterprise concern.

Libero Cross-Site Scripting Vulnerability

Sense of Security - Security Advisory - SOS-09-001 

Release Date.                  23-Feb-2009
Last Update.                   23-Feb-2009
Vendor Notification Date.      20-Oct-2008
Product.                       Libero
Platform.                      Windows (verified), possibly others
Affected versions.             Libero v5.3 SP5 (verified), possibly
                               others. 
Severity Rating.               Medium
Impact.                        Cookie/credential theft, impersonation,
                               loss of confidentiality
Attack Vector.                 Remote
Solution Status.               Vendor patch not yet available
CVE reference.                 CVE-2009-0540

Details.
Libero is a library management system. During an application 
penetration test Sense of Security identified a cross-site scripting
vulnerability in the search feature of the Libero web application. 
This occurred as a result of the application not properly filtering
HTML tags which allowed malicious Javascript to be embedded. When
input is incorrectly validated and not properly sanitised and then 
displayed in a web page, attackers can trick users into viewing the
web page and causing malicious code to be executed.

Proof of concept.
You can test the susceptibility of your system to this issue by 
entering the following string into the search term form field and
clicking 'search'.

<script>alert(document.cookie)</script>

A vulnerable site will return the users. session ID.

Solution.
The vendor has advised that the fix will be made available in
Libero v5.5 SP1. A fix will not be made available for previous
versions.

Discovered by.
Oliver Greiter from SOS Labs.

Telephone 1300 922 923.

For an engagement enquiry.
For an information request.