Barracuda Spam & Virus WAF Unspecified Multiple HTML Injection Vulnerabilities
29 Oct. 2012
Barracuda Spam & Virus WAF 600 is prone to multiple unspecified HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Multiple persistent Input Validation vulnerabilities are detected on Barracudas Spam & Virus Web Firewall 600. Local low privileged user account can implement/inject malicious persistent script code. When exploited by an authenticated user, the identified vulnerabilities
can lead to information disclosure, access to intranet available servers, manipulated persistent content.
Proof of Concept:
The persistent vulnerabilities can be exploited by local low privileged user accounts with low required user inter action or by remote attackers with high required user inter action.
Manual Steps ...
1. Login to the Barracuda Application
2. Open the vulnerable area were the persistent vulnerability is located
3. Include/Insert your own script code or poc and save/execute the content to inject
4. View the injected results which were stored on application side. The code is getting executed in the output section