Document Title: =============== AVG Threat Labs - Cross Site Request Forgery Vulnerability Date: ===== 2016-03-03 References: =========== http://www.vulnerability-lab.com/get_content.php?id=1660 VL-ID: ===== 1660 Common Vulnerability Scoring System: ==================================== 3.1 Introduction: ============= Threat Labs is AVG’s latest security tool, continuing our commitment to malware and virus detection and eradication. With an Internet security and protection policy built heavily around the concept of `scan before you leap`, AVG Threat Labs offers the same kind of pre-click analysis as our unique LinkScanner® real-time surf and search technology, though at a far more comprehensive level. AVG Threat Labs is a fast and easy route to website security, offering quick search functionality with its `Big Search` URL address box, as well as clear and comprehensive website security reports presented in a simple-to-follow graphical format. (Copy of the Vendor Homepage: http://www.avgthreatlabs.com/de-de/website-safety-reports/ ) Abstract: ========= An independent vulnerability laboratory researcher discovered a cross site request forgery web vulnerability in the official AVG Threat Labs web-application. Report-Timeline: ================ 2016-01-17: Researcher Notification & Coordination (Karim Rahal) 2016-01-18: Vendor Notification (AVG Security Team) 2016-01-21: Vendor Response/Feedback (AVG Security Team) 2016-03-01: Vendor Fix/Patch (Adobe Developer Team) 2016-03-02: Security Acknowledgements (AVG Security Team) 2016-03-03: Public Disclosure (Vulnerability Laboratory) Status: ======== Published Affected Products: ================== AVG Product: Threat Labs - Web Application v2016 Q1 Exploitation-Technique: ======================= Remote Severity: ========= Medium Details: ======== A cross site request forgery web vulnerbaility has been discovered in the official AVG Threat Labs web-application service. CSRF is when an attacker is able to run a Request through an user`s account because the request is lacking a token protection. A CSRF exploitation is done by runing a request through the victim`s browser into his account and the request will succesfully work due to the website not being able to make the request of that victim uniquer than the attacker`s and everyone else`s requests. The security risk of the cross site request forgery web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.1. Exploitation of the cross site request forgery web vulnerability requires no privileged web-application user accountbut low or medium user interaction. Successful exploitation of the vulnerability results in unauthorized execution of web-application functions by client-side interaktion. Request method(s): [+] POST Vulnerable Service(s): [+] avgthreatlabs.com Vulnerable Module(s): [+] add-domain-watchlist Proof of Concept: ================= The vulnerability can be exploited by remote attackers without privileged web-application user account and with low or medium user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC or Exploitcode:
Video: https://www.youtube.com/watch?v=HnpzjNlbkPg Risk: ===== The security risk of the cross site request forgery web vulnerability in the avg threat labs web-application is estimated as medium. (CVSS 3.1) Credits: ======== Karim Rahal [KarimMTV@elitesec.org] - @KarimMTV Disclaimer: =========== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™