Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability - Improper Access Control #2

Open
danielmofer opened this issue Dec 13, 2021 · 1 comment
Open

Vulnerability - Improper Access Control #2

danielmofer opened this issue Dec 13, 2021 · 1 comment

Comments

@danielmofer
Copy link

Dear Cybele Software,

My name is Daniel Morales, from the IT Security Team of ARHS Spikeseed.

I recently found a functionality in Thinfinity VirtualUI that could allow to a malicious actor to perform social engineering attacks such as phishing via the directory /lab.html reachable by default.

How it works
By accessing the following payload (URL) an attacker could iframe any external website (of course, only external endpoints that allows being iframed). The impact is a good phishing.

Payload
The vulnerable vector is "https://example.com/lab.html?vpath=//wikipedia.com " where "vpath=//" is the pointer to the external site to be iframed.

Vulnerable versions
It has been tested in VirtualUI version 2.1.37.2, 2.1.42.2, 2.5.0.0, 2.5.36.1, 2.5.36.2 and 2.5.41.0.
@Fvega1
Copy link
Contributor

Fvega1 commented Dec 15, 2021

Hi Daniel,

Thanks for pointing this out.

Fortunately this was fixed in v3.0 by introducing CSP directives to VirtualUI. These are now handled in a file inside the installation folder.

Please, let me know if you find anything else.

@danielmofer danielmofer mentioned this issue Dec 16, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danielmofer @Fvega1