Lucene search
K

TEMENOS T24 7 Cross Site Scripting

🗓️ 29 Jun 2012 00:00:00Reported by Rehan AhmedType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 77 Views

TEMENOS T24 7 Cross Site Scripting vulnerability allows attacker control over user accounts and execution of arbitrary HTML and script code

Code
`Rewterz Security Research Group Advisory  
  
========================================================  
I. Overview  
========================================================  
  
A Cross-Site Scripting (XSS) vulnerability has been identified in  
TEMENOS T24 Core Banking Solution System. This vulnerability allows  
an attacker to gain control over valid user accounts, perform operations  
on their behalf, redirect them to malicious sites, steal their credentials,  
and more.  
  
========================================================  
II. Severity  
========================================================  
  
Rating: High  
Remote: Yes  
  
========================================================  
III. Vendor's Description of Application  
========================================================  
  
TEMENOS T24 is the most technically advanced banking system  
available today. It pairs the most comprehensive and most powerfully  
flexible business functionality with the most advanced and scalable  
architecture. This gives it unprecedented power and opportunity to meet  
the challenges of today and the opportunities of tomorrow.  
  
T24 is built on open architecture, offers low cost of ownership and uses  
established standards such as HTTP, XML and J2EE. The design of T24  
offers multiple application server support offering horizontal scalability  
and supporting huge numbers of users with true non-stop resilience.  
  
http://www.temenos.com/en/t24/  
  
========================================================  
IV. Vulnerability Details  
========================================================  
  
Input passed via the following GET parameters:  
  
* windowName  
* user  
* skin  
* routineName  
* routineArgs  
* compScreen  
* compId  
  
on following pages:  
  
* /jsps/genrequest.jsp  
* /jsps/enqrequest.jsp  
  
are not properly sanitized before being returned to the user. This can be  
exploited to execute arbitrary HTML and script code in a user's browser  
session in context of affected web application.  
  
========================================================  
V. Exploit  
========================================================  
  
Sample exploitation of this vulnerability would be crafting the following  
request:  
  
GET /jsps/genrequest.jsp?&routineName=OS.NEW.USER&  
routineArgs=BANNER"/><STYLE>@import"javascript:alert  
('XSS%20Dangerous')";</STYLE> HTTP/1.1  
  
========================================================  
VI. Affected Systems  
========================================================  
  
TEMENOS T24 (Core Banking) version 7  
  
Note: Other versions may also be affected.  
  
========================================================  
VII. Vendor Response/Solution  
========================================================  
  
No vendor response.  
  
========================================================  
VIII. Credits  
========================================================  
  
Discovered by Rehan Ahmed, Rewterz.  
  
========================================================  
XI. About Rewterz  
========================================================  
  
Rewterz is a boutique Information Security company, committed to  
consistently providing world class professional security services. Our  
strategy revolves around the need to provide round-the-clock quality  
information security services and solutions to our customers. We maintain  
this standard through our highly skilled and professional team, and  
custom-designed, customer-centric services and products.  
  
http://www.rewterz.com/  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation