`Rewterz Security Research Group Advisory
========================================================
I. Overview
========================================================
A Cross-Site Scripting (XSS) vulnerability has been identified in
TEMENOS T24 Core Banking Solution System. This vulnerability allows
an attacker to gain control over valid user accounts, perform operations
on their behalf, redirect them to malicious sites, steal their credentials,
and more.
========================================================
II. Severity
========================================================
Rating: High
Remote: Yes
========================================================
III. Vendor's Description of Application
========================================================
TEMENOS T24 is the most technically advanced banking system
available today. It pairs the most comprehensive and most powerfully
flexible business functionality with the most advanced and scalable
architecture. This gives it unprecedented power and opportunity to meet
the challenges of today and the opportunities of tomorrow.
T24 is built on open architecture, offers low cost of ownership and uses
established standards such as HTTP, XML and J2EE. The design of T24
offers multiple application server support offering horizontal scalability
and supporting huge numbers of users with true non-stop resilience.
http://www.temenos.com/en/t24/
========================================================
IV. Vulnerability Details
========================================================
Input passed via the following GET parameters:
* windowName
* user
* skin
* routineName
* routineArgs
* compScreen
* compId
on following pages:
* /jsps/genrequest.jsp
* /jsps/enqrequest.jsp
are not properly sanitized before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's browser
session in context of affected web application.
========================================================
V. Exploit
========================================================
Sample exploitation of this vulnerability would be crafting the following
request:
GET /jsps/genrequest.jsp?&routineName=OS.NEW.USER&
routineArgs=BANNER"/><STYLE>@import"javascript:alert
('XSS%20Dangerous')";</STYLE> HTTP/1.1
========================================================
VI. Affected Systems
========================================================
TEMENOS T24 (Core Banking) version 7
Note: Other versions may also be affected.
========================================================
VII. Vendor Response/Solution
========================================================
No vendor response.
========================================================
VIII. Credits
========================================================
Discovered by Rehan Ahmed, Rewterz.
========================================================
XI. About Rewterz
========================================================
Rewterz is a boutique Information Security company, committed to
consistently providing world class professional security services. Our
strategy revolves around the need to provide round-the-clock quality
information security services and solutions to our customers. We maintain
this standard through our highly skilled and professional team, and
custom-designed, customer-centric services and products.
http://www.rewterz.com/
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation