|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 4578 CVE : CVE-2008-5043 CWE : CWE-79 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : No Credit : f bianchino gmail com Published : 14.11.2008
Advisory Content : Metrica Service Assurance Multiple Cross Site Scripting *********************************************************************** Author: Francesco Bianchino Email: f.bianchino (at) gmail (dot) com [email concealed] Title: Metrica Service Assurance Multiple Cross Site Scripting Vendor: IBM *********************************************************************** Summary Metrica Service Assurance Framework implements a distributed, object-oriented, J2EE-based architecture. It work with a Web-based user interfaces, from end-user report generation to detailed system administration and configuration. *********************************************************************** Vulnerability Detail The web-based interface of Metrica Service Assurance is exposed to multiple XSS attack. With an authenticated user it's possible to steal other user's sessions due to a flaw in the input validation mechanisms. A persistant XSS permits the insertion of malicious code into the web-based interface. Using the report generation function it is possible to create a report with malicious code in the name. That code is than rendered on the victim's browser when opening the report history which can be found in the main panel of the application. The code also persists into the main panel and all the users are exposed to the attack. There are at least three vulnerable pages: Non persistant: * http://server/<document root>/ReportTree * http://server/<document root>/Launch Persistant: * http://server/<document root>/ReportRequest *********************************************************************** Exploit http://server/<document root>/ReportTree?action=generatedreportresults&elementid="><SCRIPT>alert ("Non persistant XSS");</SCRIPT><!--&date=0000000000000 http://server/<document root>/Launch?jnlpname=="><SCRIPT>alert("Non Persistant XSS");</SCRIPT> http://server/<document_root>/ReportRequest?dateformat=dd%2FMM%2Fyyyy&re porttitle=some_title&reportID=some_stuff&version=0&treesrc=&treetitle=&p _wstring=&p_dataperiod=none%3A%23%3Araw&startdate=01%2F01%2F2008&reportt ype=offline&%3Atasklabel=<SCRIPT>alert(Persistant XSS!);</SCRIPT>&none_agg_specified=false&windowtype=main *********************************************************************** Solution At the moment of writing this advisory the is no solution yet. *********************************************************************** Credits Discovered and advised to IBM, November 2008 by Francesco Bianchino. Thanks to Marco borza and to da EthicalHAkinTeam References : http://xforce.iss.net/xforce/xfdb/46495
http://www.securityfocus.com/bid/32233
http://www.securityfocus.com/archive/1/archive/1/498168/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065520.html  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |