Cenzic 232 Patent
Paid Advertising
web application security lab

VMWare XSS exploit

VMWare which is virtual machine software just released a XSS vulnerability in their software that could affect system administrators who use it.  These types of XSS vulnerabilities happen all the time actually. Way more often than I think most people realize.  I found one in some custom software that was written for our company by an outside vendor (we were the only consumers of it at the time).

Luckily, I was the one who found the vulnerability in our custom software but the possibilities for someone from the outside to perform functions as a system administrator of the company was very high.  If the software you use has a web based interface one of two things can happen.  People from the outside can send you erroneous information that can be used to gather information or perform actions as the administrator of the function or a disgruntled system admin can leave easter eggs for other admins for later use, where they will perform actions for him after he leaves.

Because these tools are used only by administrators and not by normal users, their danger is actually greater because they are more focused attack vectors.  This will become a bigger and bigger deal with time.  I’ll probably go into this topic in more detail in a future post.

Comments are closed.