Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Dell PacketTrap PSA 7.1 Cross Site Scripting

🗓️ 18 Jul 2013 00:00:00Reported by Benjamin Kunz MejriType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 34 Views

Dell PacketTrap PSA 7.1 - Multiple Persistent Vulnerabilities discovered allowing remote attackers to execute script cod

Code
`Title:  
======  
Dell PacketTrap PSA 7.1 - Multiple Persistent Vulnerabilities  
  
  
Date:  
=====  
2013-07-18  
  
  
References:  
===========  
http://www.vulnerability-lab.com/get_content.php?id=790  
  
  
VL-ID:  
=====  
790  
  
  
Common Vulnerability Scoring System:  
====================================  
5.6  
  
  
Introduction:  
=============  
Purpose built for IT professionals and other service businesses. Streamline the management of projects, clients, staff, assets, and billing.   
Software should be intuitive and easy-to-use, not complicated and confusing. That`s why packetTrap has created an easy to use yet powerful   
interface that even your techs enjoy using. Whether you are using spreadsheets and sticky notes or clunky software, companies like yours   
will surely benefit from the significant time savings and a dramatic increase in profitability. With packetTrap PSA, you now have an   
integrated solution that delivers an end-to-end business management solution with real advantages over other options. Service Request Tracking   
- Team Scheduling - Customer and Contact Management - Customer Portal - Mobile Friendly - QuickBooks Integration Equipment Tracking Contract   
Management - Email Dropbox - SSL Security.  
  
(Copy of the Vendor Homepage: http://www.packettrap.com/ )  
  
  
Abstract:  
=========  
The Vulnerability Laboratory Research Team discovered multiple persistent web vulnerabilities in the DELL packetTrap PSA v7.1 web application.  
  
  
Report-Timeline:  
================  
2013-01-24: Researcher Notification & Coordination (Ibrahim Mosaad El-Sayed)  
2013-02-06: Vendor Notification (Dell Security Team)  
2013-02-08: Vendor Response/Feedback (Dell Security Team)  
2013-**-**: Vendor Fix/Patch (Developer Team)  
2013-07-18: Public Disclosure (Vulnerability Laboratory)  
  
  
Status:  
========  
Published  
  
  
Affected Products:  
==================  
DELL  
Product: PacketTrap PSA 7.1  
  
  
Exploitation-Technique:  
=======================  
Remote  
  
  
Severity:  
=========  
High  
  
  
Details:  
========  
Multiple persistent input validation vulnerabilities are detected in the DELL packetTrap PSA v7.1 web application.  
The bug allows remote attackers to implement/inject own malicious script code on the application side of the system (persistent).  
Exploitation of persistent issues mostly requires a low privilege application user account and an user interaction click or input.  
  
The 1st persistent web vulnerability is located in the contracts module when processing to request a via POST method manipulated   
txtContractName parameter. The vulnerability allows remote attackers to inject own malicious script code with persistent vector   
in a vulnerable value which is also in use by the contract module when processing to display (list) the context (output).   
The result is the persistent execution of script code in the contract overview listing.   
  
The 2nd persistent web vulnerability is located in the Equipment Item module when processing to request a via POST method manipulated   
lblPurchaseInfo parameter. The vulnerability allows remote attackers to inject own malicious script code with persistent vector   
in a vulnerable value which is also in use by the Equipment Item module when processing to display (list) the context (output).   
The result is the persistent execution of script code in the Equipment Item listing.   
  
The 3rd persistent web vulnerability is located in the Import Customer Equipment Records module when processing to request a via   
POST method manipulated gridItem parameter. The vulnerability allows remote attackers to inject own malicious script code with   
persistent vector in a vulnerable value which is also in use by the Import Customer Equipment Records module when processing to   
display (list) the context (output). The result is the persistent execution of script code in the Import Customer Equipment Records listing.   
  
The 4th part of the persistent web vulnerabilities are located in the Labor Rate module when processing to request via POST method   
manipulated lblItemNo, lblDescription, lblAccountName & lblNotes parameters. The vulnerabilities allow remote attackers to inject   
own malicious script code with persistent vector in a vulnerable value which is also in use by the Labor Rate module when processing to   
display (list) the context (output). The result is the persistent execution of script code in the Labor Rate listing.   
  
The 5th part of the persistent web vulnerabilities are located in the Materials Item module when processing to request via POST method   
manipulated lblMfrName, lblMfrItemNo, lblMfrDescription, lblAccountName & lblNotes parameters. The vulnerabilities allow remote attackers   
to inject own malicious script code with persistent vector in a vulnerable value which is also in use by the Materials Item module when   
processing to display (list) the context (output). The result is the persistent execution of script code in the Materials Item listing.   
  
The 6th part of the persistent web vulnerabilities are located in the New customer module when processing to request via POST method   
manipulated lblPrimaryContact & lblPrimaryLocation parameters. The vulnerabilities allow remote attackers to inject own malicious script code   
with persistent vector in a vulnerable value which is also in use by the New customer module when processing to display (list) the context (output).   
The result is the persistent execution of script code in the New customer listing.   
  
The 7th persistent web vulnerability is located in the Report module when processing to request a via POST method manipulated   
lblPageTitle parameter. The vulnerability allows remote attackers to inject own malicious script code with persistent vector   
in a vulnerable value which is also in use by the Report module when processing to display (list) the context (output).   
The result is the persistent execution of script code in the Report overview listing.  
  
Exploitation of the vulnerability requires a low privilege web-application user account and low or medium user interaction.  
Successful exploitation of the vulnerability results in session hijacking (manager/admin) with persistent vector, persistent phishing,   
persistent external redirects to malware, exploits or scripts and persistent manipulation of module context.  
  
  
Vulnerable Module(s):  
[+] Contract - PacketTrap PSA  
[+] Equipment Item - PacketTrap PSA  
[+] Import Customer Equipment Records - PacketTrap PSA  
[+] Labor Rate - PacketTrap PSA  
[+] Materials Item - PacketTrap PSA  
[+] New customer - PacketTrap PSA  
[+] Report x ApplicationName - PacketTrap PSA  
  
Vulnerable Parameter(s):  
[+] txtContractName  
[+] lblPurchaseInfo  
[+] gridItem  
[+] lblItemNo, lblDescription, lblAccountName & lblNotes  
[+] lblMfrName, lblMfrItemNo, lblMfrDescription, lblAccountName & lblNotes  
[+] lblPrimaryContact & lblPrimaryLocation  
[+] lblPageTitle  
  
Affected Section(s):  
[+] Contract Overview & Edit - Listing  
[+] Equipment Item Overview & Edit - Listing  
[+] Import Customer Equipment Records Overview - Listing  
[+] Labor Rate Details - Listing  
[+] Materials Item Overview - Listing  
[+] New customer Account Details - Listing  
[+] Report - Listing  
  
  
Proof of Concept:  
=================  
The persistent script code inject vulnerabilities can be exploited by low privileged group user accounts with low required user interaction.  
For demonstration or reproduce ...  
  
  
Review: Contract Overview & Edit - Listing  
  
<div class="objectHead">  
<h1>Contract: <span id="lblPageTitle">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></h1>  
<h2><a href="https://vl.packettrappsa.com/customers/customer.aspx?customerId=33628564"><span id="lblCustomerName">Sample Customer</span></a></h2>  
</div>  
  
... &  
  
<td style="width:130px;" class="formLabel">Contract Name:</td>  
<td style="width:auto;">  
<span id="txtContractName">"><[PERSISTENT INJECTED SCRIPT CODE!]></span>  
</td>  
</tr>  
  
  
Review: Equipment Item Overview & Edit - Listing  
  
<td class="formLabel">  
Purchase Info.:  
</td>  
<td>  
<span id="lblPurchaseInfo">Purchased on Dec 11, 2012 from "><[PERSISTENT INJECTED SCRIPT CODE!]></span>  
</td>  
</tr>  
  
  
Review: Import Customer Equipment Records Overview - Listing  
  
</tr><tr class="gridItem" valign="top">  
<td><!--?php</td-->  
</td></tr><tr class="gridItem" valign="top">  
<td>phpinfo();</td> O_O  
</tr><tr class="gridItem" valign="top">  
<td>?></td>  
</tr><tr class="gridItem" valign="top">  
<td>><[PERSISTENT INJECTED SCRIPT CODE!](</td">  
</tr>  
</table>  
  
  
Review: Labor Rate Details - Listing  
  
<td class="formLabel">  
Name/No.:</td>  
<td>  
<span id="lblItemNo">"><[PERSISTENT INJECTED SCRIPT CODE!]></span>  
</td>  
</tr>  
<tr>  
<td class="formLabel">Description:</td>  
<td>  
<span id="lblDescription">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></td>  
</tr>  
  
... &  
  
<td class="formLabel">Account Name:</td>  
<td>  
<span id="lblAccountName">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></td>  
</tr>  
  
  
Review: Materials Item Overview - Listing  
  
<span id="lblItemNo">"><[PERSISTENT INJECTED SCRIPT CODE!]">  
</td>  
</tr>  
<tr>  
<td class="formLabel">  
Description:</td>  
<td>  
<span id="lblDescription">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></td>  
</tr>  
  
... &  
  
<table border="0" cellpadding="4" cellspacing="0" width="100%">  
<tbody><tr>  
<td colspan="2">  
<hr></td>  
</tr>  
<tr>  
<td style="width:130px;" class="formLabel">Manufacturer:</td>  
<td style="width:auto;">  
<span id="lblMfrName">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></td>  
</tr>  
<tr><td class="formLabel">Mfr. Item No.:</td>  
<td>  
<span id="lblMfrItemNo">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></td>  
</tr>  
<tr><td class="formLabel">Mfr. Item Desc.:</td>  
<td>  
<span id="lblMfrDescription">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></td>  
</tr>  
  
  
... &  
  
  
<tr><td class="formLabel">Account Name:</td>  
<td>  
<span id="lblAccountName">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></td>  
</tr>  
<tr>  
<td colspan="2">  
<hr></td>  
</tr>  
<tr>  
<td class="formLabel">Id:</td>  
<td>  
<span id="lblItemId">33583304</span></td>  
</tr>  
<tr>  
<td class="formLabel">Created:</td>  
<td>  
<span id="lblCreated">by the storm on Dec 9, 2012 at 5:11 PM</span></td>  
</tr>  
<tr>  
<td colspan="2">  
<hr></td>  
</tr>  
<tr>  
<td class="formLabel">Notes:</td>  
<td>  
<span id="lblNotes">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></td>  
</tr>  
  
  
  
Review: New customer Account Details - Listing  
  
<tbody><tr>  
<td style="width: 130px;">  
<strong>Primary Contact:</strong>  
</td>  
<td style="width: auto;">  
<span id="lblPrimaryContact"><a href="https://vl.packettrappsa.com/customers/contact.aspx?customerId=33628565&  
contactId=33637457">"><iframe src=http://www. "><iframe src=http://www.</a>, () -,   
<a href="mailto:"><[PERSISTENT INJECTED SCRIPT CODE!]>">"><[PERSISTENT INJECTED SCRIPT CODE!]></a></span>  
</td>  
</tr>  
<tr>  
<td>  
<strong>Primary Location:</strong>  
</td>  
<td>  
<span id="lblPrimaryLocation"><a href="https://vl.packettrappsa.com/customers/location.aspx?customerId=33628565&  
locationID=33649992">"><[PERSISTENT INJECTED SCRIPT CODE!]</a>, "><[PERSISTENT INJECTED SCRIPT CODE!]>   
(<a href="https://vl.packettrappsa.com/tools/getMap.aspx?customerLocationId=33649992" class="map-link">Get Map</a>)</span>  
</td>  
</tr>  
</tbody>  
  
  
Review: Report - Listing  
  
<div class="ReportHeader">  
<h1><span id="lblPageTitle">"><[PERSISTENT INJECTED SCRIPT CODE!]></span></h1>  
</div>  
  
<div class="ReportBody">  
<input name="TempSortCol" id="TempSortCol" type="hidden">  
<input name="TempSortOrder" id="TempSortOrder" type="hidden">  
  
<div id="ReportParameters" class="ReportParameters2">  
<div id="StandardFilters_ReportParameters">  
  
<div class="ParameterGroupHead">  
<span class="ui-corner-tr">Time Frame</span>  
</div>  
  
  
Risk:  
=====  
The security risk of the persistent input validation vulnerabilities are estimated as high(-).  
  
  
Credits:  
========  
Vulnerability Laboratory [Research Team] - Ibrahim El-Sayed (the_storm) [[email protected]]  
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri [[email protected]]  
  
  
Disclaimer:  
===========  
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,   
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-  
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business   
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some   
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation   
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases   
or trade with fraud/stolen material.  
  
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com  
Contact: [email protected] - [email protected] - [email protected]  
Section: www.vulnerability-lab.com/dev - forum.vulnerability-db.com - magazine.vulnerability-db.com  
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab  
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php  
  
Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.   
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other   
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and   
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed),   
modify, use or edit our material contact ([email protected] or [email protected]) to get a permission.  
  
Copyright © 2013 | Vulnerability Laboratory [Evolution Security]  
  
  
  
--   
VULNERABILITY LABORATORY RESEARCH TEAM  
DOMAIN: www.vulnerability-lab.com  
CONTACT: [email protected]  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Jul 2013 00:00Current
0.1Low risk
Vulners AI Score0.1
remote exploitation low privilege用户 interaction vector injection persistent validation contract equipment customer records vulnerabilities dell packettrap psa 7.1 cross site scripting
34