Posts

Showing posts with the label Injection

CSV injection in Avaya Call Management System (CMS). CVE-2023-3527

Image
 Hi All, I was able to identify CVS injection vulnerability in Avaya Call Management System (CMS). Avaya Call Management System (CMS) is an integrated analysis and reporting solution that keeps you in touch with virtually everything that’s going on in your contact center from evaluating the performance of a single agent or group of agents to managing a contact center with multiple locations worldwide. During the security assessment of CMS Supervisor Web application, i noted that whole section of "Administration" has a feature to download the content in CSV format. Any malicious user can inject malicious CSV payload, which will be executed if the admin downloads the csv report and opens it. The Excel will ask the admin to enable the content, since the report is downloaded from trusted source he will click on enable which will execute the content. Vulnerability and Fixed: Vulnerability Name : CMS is vulnerable to CSV Injection Assigned CVE:  CVE-2023-3527 ASA Num...

Microsoft Teams Webinar Vulnerable to CSV Injection Vulnerability

Image
 Dear reader, While testing different features of TEAMS, I find out a CSV injection vulnerability in TEAMS Webinar feature, where any external user, or attacker can register himself for attending public webinar and in webinar registration page he can inject a malicious payload which will executed once the admin download the attendees list. As per Microsoft they are not accepting it as high/medium security bug (which I totally Disagree) and not eligible for bounty or hall of fame, also they provided the permission to disclose this publicly.  As per Microsoft the admin has to click enable button once he open the report. For which I mentioned them multiple times that admin will always trust the report as its coming from Trusted source which in this case is Microsoft and 95% of times he will click on Enable button and payload will be executed. Anyways lets start with the Vulnerability details, At the end of this document I will give a bonus trick on how to find publicly available ...