[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] CVE-2024-25282 - RedSys - 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication
- From: RUBEN LOPEZ HERRERA <ruben.lopezherrera@xxxxxxxxxxxxxx>
- Date: Tue, 10 Sep 2024 12:15:17 +0000
Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Method Authentication
Tested Version(s): 3DSecure 2.0 3DS Method Authentication
Vulnerability Type: Cross-Site Scripting (XSS)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25282
Overview:
3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod
Authentication. This vulnerability allows remote attackers to hijack the form
action and change the destination website via the params parameter, which is
base64 encoded and improperly sanitized.
Vulnerability Details:
The issue arises because the params parameter in the 3DSMethod Authentication
is not properly sanitized or validated before being processed. Attackers can
inject arbitrary HTML elements into the DOM, modifying the website's appearance
or executing malicious code in the victim's browser. Additionally, the
integrity of the base64-encoded information is not checked, making it
vulnerable to manipulation in a man-in-the-middle attack.
Proof of Concept (PoC):
By altering the params parameter in the request URL, an attacker can modify
base64-encoded values and inject malicious code. For example:
https://[REDACTED]/[REDACTED]/rest/online/[REDACTED]/redirect?action=challenge&txn=[REDACTED]¶ms=[REDACTED]";
Solution:
Currently, no solution is available. Redsys has been notified of the issue, but
no patch has been released as of the date of this advisory.
References:
OWASP Web Security Testing Guide: Reflected Cross-Site Scripting
Discoverer:
Reported by Rubén López Herrera
________________________________
Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede
contener información privilegiada o confidencial y es para uso exclusivo de la
persona o entidad de destino. Si no es usted. el destinatario indicado, queda
notificado de que la lectura, utilización, divulgación y/o copia sin
autorización puede estar prohibida en virtud de la legislación vigente. Si ha
recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente
por esta misma vía y proceda a su destrucción.
The information contained in this transmission is confidential and privileged
information intended only for the use of the individual or entity named above.
If the reader of this message is not the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this communication
is strictly prohibited. If you have received this transmission in error, do not
read it. Please immediately reply to the sender that you have received this
communication in error and then delete it.
Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode
conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa
ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica
notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização
pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem
por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e
proceda a sua destruição
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/