Sphera HostingDirector and Final User login_screen.php XSS

2003-06-13T08:28:37
ID OSVDB:6667
Type osvdb
Reporter Lorenzo Hernandez Garcia(novappc@novappc.com)
Modified 2003-06-13T08:28:37

Description

Vulnerability Description

IBM Sphera HostingDirector contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the "login_screen.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/[install_path]/login/login_screen.php?vds_ip=[VDS DOMAIN OR IP]&uid=">[XSS ATTACK CODE]&tz=[TIMEZONE CODE , TRY CEST]&vds_server_ip=">[XSS ATTACK CODE]
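Since no vendor fix is listed, a defender's first option is to spot attempts in web server logs. The following is an added example, not part of the OSVDB record: it flags requests to login_screen.php whose uid or vds_server_ip parameters (the two named above) carry an attribute-breakout or script marker after URL decoding. The install path, hostnames and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed Apache-style access-log lines (hypothetical hosts and paths).
SAMPLE_LOG = """\
10.0.0.5 - - [13/Jun/2003:08:28:37 +0200] "GET /hd/login/login_screen.php?vds_ip=vds1.example.net&uid=alice&tz=CEST&vds_server_ip=192.0.2.10 HTTP/1.1" 200 1532
10.0.0.9 - - [13/Jun/2003:08:30:01 +0200] "GET /hd/login/login_screen.php?vds_ip=vds1.example.net&uid=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&tz=CEST&vds_server_ip=192.0.2.10 HTTP/1.1" 200 1601
10.0.0.9 - - [13/Jun/2003:08:31:12 +0200] "GET /hd/index.php?page=home HTTP/1.1" 200 880
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
WATCHED_PARAMS = ("uid", "vds_server_ip")  # parameters named in the advisory
# Attribute breakout ("> ) or tag / URL-scheme injection markers, checked after decoding.
XSS_MARKERS = re.compile(r'"\s*>|<\s*/?\s*(script|img|iframe|svg)\b|javascript:', re.IGNORECASE)

def suspicious_params(target):
    """Return {param: decoded value} for watched parameters that carry XSS markers.

    Only the login_screen.php path from the advisory is inspected; other scripts return {}.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/login/login_screen.php"):
        return {}
    hits = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            decoded = unquote_plus(value)  # second pass catches double-encoded payloads
            if XSS_MARKERS.search(decoded):
                hits[name] = decoded
    return hits

def scan_log(text):
    """Return [(line_no, client_ip, {param: value})] for lines that look like XSS attempts."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = LOG_RE.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group("target"))
        if hits:
            findings.append((line_no, line.split(" ", 1)[0], hits))
    return findings

if __name__ == "__main__":
    for line_no, client, hits in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {client} -> {hits}")
```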

References:

Vendor URL: http://www-1.ibm.com/servers/eserver/xseries/systems_management/hbs.html
Secunia Advisory ID: 9049
Related OSVDB ID: 2562
Related OSVDB ID: 2561
Related OSVDB ID: 2150
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0096.html
ISS X-Force ID: 12311