Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

BMC Footprints Service Core 11.5 Cross Site Scripting

🗓️ 07 Feb 2015 00:00:00Reported by Ayman AbdelazizType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 43 Views

BMC Footprints Service Core 11.5 Cross Site Scripting vulnerability in Email Address field and URL parameters. Vendor BMC Software, Inc. confirmed resolution in version 11.6.03

Code
`About the Product:  
BMC FootPrints Service Core is an IT service and asset management platform used by many organizations to help the IT departments deliver more value to businesses.  
  
Advisory Details:  
  
During a Penetration testing, Help AG auditor (Ayman Abdelaziz) discovered the following:  
1) Stored Cross-Site Scripting (XSS) vulnerability in BMC Footprints Service Core 11.5 (MRTicketPage.pl), allows remote attackers to inject arbitrary web script or HTML via the Email Address form field when openning a request ticket.  
  
Proof of Concept:  
Inject the following JavaScript <script>alert('XSSed')</script> in the Email address form field in the (MRTicketPage.pl).  
  
  
2) Reflected Cross-Site Scripting (XSS) vulnerability in BMC Footprints Service Core 11.5 (MRServiceCatalog.pl), allows remote attackers to inject arbitrary web script or HTML via the 'USER' or 'MRP' URL parameters.  
  
Proof of Concept:  
Inject the following JavaScript <script>alert('XSSed')</script> in the 'USER' or 'MRP' URL parameters as the following:  
http://domain/MRcgi/MRServiceCatalog.pl/CMDB_ID=3&USER=test%3Cscript%3Ealert%28%27XSSed%27%29%3C%2fscript%3E&MRP=0F0JTvCEm&PROJECTID=12&CUSTM=test  
or  
http://domain/MRcgi/MRServiceCatalog.pl/CMDB_ID=3&USER=test&MRP=0F0JTvCEm%3Cscript%3Ealert%28%27XSSed%27%29%3C%2fscript%3E&PROJECTID=12&CUSTM=test  
  
  
Solution:  
  
After contacting the vendor (BMC Software, Inc.) about the vulnerability for a solution, they confirmed that it was solved with a software upgrade, the response was the following:  
  
"Changes were made to the application code in version 11.6.03 to avoid this vulnerability, so if you upgrade to 11.6.03 or later you should find that this is no longer a problem"  
  
  
[1] help AG middle East (http://www.helpag.com/).  
[2] BMC Software Inc. (http://www.bmc.com/).  
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVEA® is a dictionary of publicly known information security vulnerabilities and exposures.  
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Feb 2015 00:00Current
7.4High risk
Vulners AI Score7.4
bmc footprints service corecross site scriptingemail addressurl parametersbmc softwarevulnerabilityversion 11.6.03
43