According to new research, the SIP communications protocol can be exploited to conduct cross-site scripting (XSS) assaults.
In a blog post published on June 10, the Session Initiation Protocol (SIP), the technology used to manage communication across services such as Voice over IP (VoIP), audio, and instant messaging, can be used as a conduit to perform app-based assaults on software, as per Enable Security's Juxhin Dyrmishi Brigjaj.
This includes cross-site scripting (XSS) assaults, in which users' browser sessions may be stolen, same-origin restrictions may be bypassed, and user impersonation may occur for objectives such as theft, phishing, or malware deployment.
In the worst-case situation, according to Dyrmishi Brigjaj, this might lead to an "unauthenticated remote compromise of vital systems."
The study looked into the case of VoIPmonitor, an open-source network packet sniffer that system administrators use to examine the quality of VoIP calls based on various network metrics. During an offensive security audit, a flaw in the software's graphical user interface (GUI) was uncovered.
The monitoring of SIP device register requests is one of the GUI's functions. The monitoring system also includes the type of device that submitted the SIP register message via a User-Agent header value. This value is represented in the user's web browser's DOM. It may lead to the execution of malicious code in the hands of criminals.
The researchers note, “At face value, this might not seem like much, and in the real world I’d use something less obvious, relying on some canary token or callback. However, keep in mind that this code is executed in an administrator’s browser and is stored there ..
Support the originator by clicking the read the rest link below.
