News Document Title: ==================== Researcher discovered barracuda filter bypass vulnerability Release Date: ============= 2012-07-25 Laboratory Article: =================== Today in the morning the vulnerability laboratory research team discovered a new 0day vulnerability in the barracuda appliances. Barracuda Networks, Inc. is a privately held company providing security, networking and storage products based on network appliances and cloud services. The vulnerability has been discovered to barracuda networks in may 2012. The vulnerability has been detected by Benjamin Kunz Mejri the founder of the Vulnerability-Lab research team. The input filter blocks persistent input attacks with a restriction/filter exception for double quotes, <>,frames, scripts and statements. The vulnerability allows to bypass the existing input validation filter and exception handling. The bug is located when processing to save the url path name (db stored) with attached file. The vulnerability allows to bypass the path url name parse restriction which leads to the execution on a second vulnerable bound module which displays the input as output listing. The Account MyResource Display (example listing + input) and Upload File modules are executing the earlier saved `save` path of url-path/folder which leads to the bypass of the input validation filter and exception-handling. The result is the persistent execution of malicious script codes out of the security appliance application context. The vulnerability allows to bypass this method with this tricky way ... The url path function save the context of the input path name(parsed) as client side request (GET) via URL. If the request is getting bound with the file (POST), which is getting stored (persistent) displayed later on the overview listings, the code will be unauthorized executed out of the security application context(persistent|server-side). After the verification process the researchers of the vulnerability laboratory produced a nice video (Ibrahim El-Sayed) which shows the way of exploitation ... Reference(s): http://news.softpedia.com/news/Experts-Find-Filter-Bypass-Vulnerabilities-in-Barracuda-Appliances-Video-281458.shtml http://news.hitb.org/content/barracuda-networks-appliance-filter-bypass-vulnerability-discovered http://www.ehackingnews.com/2012/07/poc-video-filter-bypass-vulnerabilities.html