Lucene search
Anastasios MonachosPACKETSTORM:131232HistoryApr 01, 2015 - 12:00 a.m.
Ericsson Drutt MSDP (Report Viewer) Cross Site Scripting
2015-04-0100:00:00
Anastasios Monachos
packetstormsecurity.com
34
0.001 Low
EPSS
Percentile
41.8%
`+----------------------------------------------------------------------+
+ Ericsson Drutt MSDP (Report Viewer) - Cross Site Scripting Injection +
+----------------------------------------------------------------------+
Affected Product: Ericsson Drutt MSDP (Report Viewer)
Vendor Homepage : www.ericsson.com
Version : 4, 5 and 6
CVE v2 Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N
CVE : CVE-2015-2165
Discovered by : Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
+-------------+
+ Description +
+-------------+
Ericsson Drutt Mobile Service Delivery Platform (MSDP) is a complete business support system providing an SDP center for both on- and off-portal business that includes support for the retail, advertising and wholesale of a wide range of different products and services. The MSDP was originally developed by Drutt Corporation which Ericsson bought back in 2007. Drutt was converted into Ericsson SA SD&P and they are still developing the MSDP. The platform is available in three configurations which also can be combined in the same installation: Storefront, Mobile Marketing and Open Surf.
The Report Viewer component contains a vulnerability (at multiple user-supplied input points) that could allow an unauthenticated, remote attacker to execute arbitrary code in the user's browser session in the context of the affected site.
+----------------------+
+ Exploitation Details +
+----------------------+
The vulnerable input points and respective URL paths are listed below:
1. http://<drutt:port>/reports/pages/top-links.jsp?portal=[XSS]&interval=M&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=clicks&sortDirection=desc&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=&atype=[XSS]&atitle=[XSS]
2. http://<drutt:port>/reports/pages/page-summary.jsp?portal=[XSS]&uid=[XSS]
3. http://<drutt:port>/reports/pages/top-useragent-devices.jsp?portal=[XSS]
4. http://<drutt:port>/reports/pages/service-summary.jsp?portal=[XSS]&uid=[XSS]
5. http://<drutt:port>/reports/pages/top-useragent-devices.jsp?portal=[XSS]&interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=reqs&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
6. http://<drutt:port>/reports/pages/top-interest-areas.jsp?portal=[XSS]&interval=M&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&top=10&sortOrder=asc&orderBy=urs&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
7. http://<drutt:port>/reports/pages/top-message-services.jsp?interval=Y&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=urs&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
8. http://<drutt:port>/reports/pages/user-statistics.jsp?portal=[XSS]&interval=Y&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
9. http://<drutt:port>/reports/pages/message-shortcode-summary.jsp?interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&
usercategory=&orderBy=[XSS]&sortDirection=[XSS]&uid=9397[XSS]&uid2=[XSS]&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=XSS
10. http://<drutt:port>/reports/pages/message-providers-summary.jsp?interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&orderBy=[XSS]&sortDirection=[XSS]&uid=[XSS]&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
11. http://<drutt:port>/reports/pages/license-summary.jsp?interval=D&fromDate=2015-02-11&toDate=2015-02-12&fromTime=00&toTime=00&usercategory=&orderBy=ival&sortDirection=desc&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
12. http://<drutt:port>/reports/pages/top-web-pages.jsp?portal=[XSS]&interval=M&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
13. http://<drutt:port>/reports/pages/top-devices.jsp?portal=[XSS]&interval=M&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
14. http://<drutt:port>/reports/pages/top-pages.jsp?portal=[XSS]&interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
15. http://<drutt:port>/reports/pages/useragent-device-summary.jsp?portal=[XSS]&interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&orderBy=[XSS]&sortDirection=[XSS]&uid=[XSS]&uid2=[XSS]&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
16. http://<drutt:port>/reports/pages/message-services-summary.jsp?interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&orderBy=[XSS]&sortDirection=[XSS]&uid=[XSS]&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
17. http://<drutt:port>/reports/pages/top-message-providers.jsp?interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
18. http://<drutt:port>/reports/pages/top-message-devices.jsp?interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
19. http://<drutt:port>/reports/pages/top-message-assets.jsp?interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
20. http://<drutt:port>/reports/pages/top-message-downloads.jsp?interval=M&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
21. http://<drutt:port>/reports/pages/top-message-shortcode.jsp?interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
22. http://<drutt:port>/reports/pages/request-summary.jsp?interval=D&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&orderBy=ival&sortDirection=desc&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
23. http://<drutt:port>/reports/pages/link-summary-select.jsp?portal=[XSS]
24. http://<drutt:port>/reports/pages/link-summary.jsp?portal=[XSS]&interval=M&fromDate=2014-02&toDate=2015-02&fromTime=17&toTime=18&usercategory=&orderBy=ival&sortDirection=desc&uid=[XSS]&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
25. http://<drutt:port>/reports/pages/session-summary.jsp?portal=[XSS]&show=a&interval=M&fromDate=2014-02[XSS]&toDate=2015-02[XSS]&fromTime=17[XSS]&toTime=18[XSS]&usercategory=&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
26. http://<drutt:port>/reports/pages/provider-summary-select.jsp?portal=[XSS]
27. http://<drutt:port>/reports/pages/provider-summary.jsp?portal=[XSS]&interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&orderBy=[XSS]&sortDirection=[XSS]&uid=[XSS]&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
28. http://<drutt:port>/reports/pages/top-providers.jsp?portal=[XSS]
29. http://<drutt:port>/reports/pages/module-summary-select.jsp?portal=[XSS]
30. http://<drutt:port>/reports/pages/module-summary.jsp?portal=[XSS]&interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&orderBy=[XSS]&sortDirection=[XSS]&uid=[XSS]&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
31. http://<drutt:port>/reports/pages/top-providers.jsp?portal=[XSS]&interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
32. http://<drutt:port>/reports/pages/top-modules.jsp?portal=[XSS]&interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
33. http://<drutt:port>/reports/pages/top-services.jsp?portal=[XSS]&interval=H&fromDate=[XSS]&toDate=[XSS]&fromTime=[XSS]&toTime=[XSS]&usercategory=&top=10&sortOrder=asc&orderBy=[XSS]&sortDirection=[XSS]&uid=&uid2=&kword=[XSS]&uname=[XSS]&pname=[XSS]&sname=[XSS]&file=[XSS]&atype=[XSS]&atitle=[XSS]
+---------------------+
+ Disclosure Timeline +
+---------------------+
17.Feb.2015 - Contacted Ericsson http://www.ericsson.com/feedback
24.Feb.2015 - Ericsson responded with point of contact at Corporate Security Office
24.Feb.2015 - Contacted Corporate Security Office team
02.Mar.2015 - Ericsson Product Security Incident Response Team reverted via a secure channel
02.Mar.2015 - Shared vulnerability details
06.Mar.2015 - Ericsson confirmed the validity of the issues and started developing the patches
08.Mar.2015 - Agreed on public disclosure timelines
31.Mar.2015 - Public disclosure
`
Related
cvelist
cvelist
CVE-2015-2165
2015-04-06 15:00:00
cve
cve
CVE-2015-2165
2015-04-06 15:59:01
prion
prion
Cross site scripting
2015-04-06 15:59:00
nvd
nvd
CVE-2015-2165
2015-04-06 15:59:01