Tuesday, June 4, 2013

BlackBerry Multiple Bugs

images (259×195)

I had found 3 bugs in blackberry mobile site, m.blackberry.com & 2 bugs in developers site developer.blackberry.com.

Tested ON- OS: Windows 7 Browser: Google Chrome & Firefox (latest versions)

1. URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting & or they are made to download malicious files.

A remote attacker can redirect users from your website to a specified URL. This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers.

=> Vulerable URL: http://m.blackberry.com/cps/rde/xchg/blackberrymobile2012/hs.xsl/-/index.html?

The above URL redirects to apple.com , which can be replaced with a malicious phishing URL or file containing Malware.

Fix: Your script should properly sanitize user input

2. Path disclosure Type: Information Disclosure URL: http://m.blackberry.com/cps/rde/xchg/blackberrymobile2012

The above URL is disclosing the path on the server: /cps/rde/xchg/SID-B461826F-730AD1C9/blackberrymobile2012

Fix: Deal with errors gracefully when a file is not located in the location is should be.

3.Important HTML forms without CSRF Protection- /at/de/feedback.html /at/de/polling1.html

I reported this to BlackBerry PSIRT already & the bugs are patched by now.

The 2 bugs in the developers site were use of SSL 2.0 deprecated protocol & SSL weak ciphers, which are not very critical.


Post a Comment