Do you know, or have you ever used, ZoneAlarm, a product from Check Point Software Technology?
ZoneAlarm is one of the most secure brands in end-user Internet security software. It’s developed by Check Point Software Technology Company. It protects over 60 million PCs from viruses, spyware, hackers and identity theft. The award-winning Internet Security product line is installed on end users' PCs and in small businesses, protecting them from Internet threats.
Although Check Point provides an Internet security service, their web system is not 100% secure at all. I have found some critical vulnerabilities even on their own official site!!
Although they are an Internet security software developer that protects millions of PCs from viruses, hackers, and identity theft, they cannot even protect their own website from web application attacks. It has already been proven today. There are some critical XSS and CSRF vulnerabilities found by me.
Let me start:
Yesterday, I visited an Internet café to check my emails. Each computer had ZoneAlarm software installed. Suddenly, a small window popped up and reminded me to update my ZoneAlarm software.
I followed the instructions and updated the ZoneAlarm software by clicking the update button. I was brought to their update page. Suddenly, a “bad idea” came into my mind... Hehe
“This is an Internet security website; is this security website really secure from web application attacks such as XSS and CSRF?”, I asked myself.
After that, I tried to use JavaScript to test whether the website has an XSS vulnerability… Ding!! Bingo, ZoneAlarm XSSed!
XSS vulnerability on the shopping cart page:
This XSS vulnerability can be considered critical, because it is triggered when a user is trying to update the ZoneAlarm software. An attacker can easily smuggle a trojan or a virus into the download link, and let the user download a trojan instead of the ZoneAlarm update file.
This can be done easily by combining it with social engineering to trick the victims into opening a page containing the XSS. For example, an attacker can forge a fake email, send it to ZoneAlarm users, and trick them into updating their software through the link the attacker provided.
Dear ZoneAlarm Users,
Firstly we are very sorry to inform you that our automatic update system is currently undergoing some technical problem which will be fixed as soon as possible. By the time we are fixing the system, you are unable to update your ZoneAlarm system directly from your PC. But fortunately you can do it by visiting the update link below to update your ZoneAlarm.
We are sorry for all the inconvenience we’ve made. And thank you for your support to our product all the time. Bla3……
Another possibility is that the attacker creates a redirection link, through the XSS vulnerability, to trick the user into downloading ZoneAlarm software that has been infected by a malicious program. After the user downloads it and installs it on his/her PC, big trouble will occur: sensitive information may be stolen from the user, the PC may be damaged, and other problems may follow.
Interesting XSS on the Shopping Cart Section
Based on my research, I found out the XSS is being stored in the session too!! That means the XSS vulnerability may let an attacker inject the malicious script into more pages and take more advantage too.
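Why a session-stored value matters for the fix, as an added example that is not code from the original post or from the ZoneAlarm site: every page that prints the stored value is its own sink, so the value has to be HTML-encoded wherever it is output. The session dict, handler, page names and templates are hypothetical stand-ins, and the probe string is a constructed, inert marker.

```python
import html

# Constructed stand-in for a server-side session store (hypothetical).
session = {}

def add_to_cart(product_param: str) -> None:
    """Store a request parameter in the session, as a cart handler might."""
    session["product"] = product_param

def render_unsafe(template: str) -> str:
    """Vulnerable pattern: the session value goes into the HTML verbatim."""
    return template.format(product=session.get("product", ""))

def render_safe(template: str) -> str:
    """Hardened pattern: HTML-encode the value at the point of output."""
    value = html.escape(session.get("product", ""), quote=True)
    return template.format(product=value)

# Hypothetical pages that all read the same session value.
# Each one is a separate output sink and needs its own encoding.
PAGES = {
    "cart": "<h1>Your cart</h1><p>Item: {product}</p>",
    "checkout": "<p>Confirm purchase of {product}</p>",
    "download": '<a href="/download" title="{product}">Download update</a>',
}

def audit(render) -> dict:
    """Per page: did raw script markup from the session reach the HTML?"""
    return {name: "<script" in render(tpl).lower()
            for name, tpl in PAGES.items()}

# Constructed, inert test input used only to see whether markup survives.
PROBE = "<script>/*probe*/</script>"

if __name__ == "__main__":
    add_to_cart(PROBE)
    print("unsafe:", audit(render_unsafe))  # every page reflects the markup
    print("safe:  ", audit(render_safe))    # no page reflects the markup
```

Encoding only on the page where the parameter first arrives would leave the other pages exposed, which is why the audit runs over every template that reads the session.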
I have actually reported this to the associated party, and hope that this can be fixed ASAP due to its criticality.
Bingo!!! This article has told us, “Nothing is Secure”. (Always stated by Zoiz)
——————————————————————
Notice:
I want to tell everyone first that I’m not sure whether these XSS vulnerabilities have been found before or not. From my survey, I didn’t see these XSS vulnerabilities posted on other sites until now. I have checked at XSSed.com; the XSS vulnerabilities that I found are not listed at XSSed.com either. But some other XSS vulnerabilities on ZoneAlarm.com have been found by other people and posted at XSSed.com, and they are said to be fixed already too, and they are different from mine. Remember, this article is for educational purposes only.
——————————————————————
Bug Found By : YS - http://www.ysezone.com
Status : Reported on 3rd April 2007, Unfixed.
[Read the rest on (it)gossips network: YS]
Critical Vulnerability on ZoneAlarm.Com is posted on April 3rd, 2008 by buchin. This post is filed under: Uncategorized .