ECE Projects Cross Site Scripting

2014-04-04T00:00:00
ID PACKETSTORM:131288
Type packetstorm
Reporter Wang Jing
Modified 2014-04-04T00:00:00

Description

                                        
                                            `*ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities*  
  
  
Exploit Title: ECE Projects XSS (Cross-site Scripting) Security  
Vulnerabilities  
Vendor: ECE Projektmanagement G.m.b.H. & Co. KG (ECE)  
Product: ECE Projects  
Vulnerable Versions:  
Tested Version:  
Advisory Publication: April 01, 2015  
Latest Update: April 01, 2015  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE Reference: *  
Impact CVSS Severity (version 2.0):  
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)  
Impact Subscore: 2.9  
Exploitability Subscore: 8.6  
Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University  
(NTU), Singapore]  
  
  
  
  
*Suggestion Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
*Vendor:*  
ECE Projektmanagement G.m.b.H. & Co. KG (ECE)  
  
  
*Product & Version:*  
All Projects - Shopping & Office, Traffic, Industries, Hotel, Residential  
  
  
*Vendor URL & download:*  
ECE Projects can be obtained from here,  
http://www.ece.com/en/projects/all-projects/  
  
  
*Google Dork:*  
ECE Projektmanagement GmbH & Co. KG  
  
  
*Product Introduction Overview:*  
"ECE develops, builds, and manages large commercial properties in the  
business areas Shopping, Office, Traffic, and Industries. It was founded in  
1965 by mail-order pioneer Prof. Werner Otto (1909-2011) and is owned by  
the Otto family. Since 2000, the company founder's son, Alexander Otto, has  
been heading the company. Hamburg-based ECE has been developing, building,  
leasing out, and managing large commercial properties in the business areas  
Shopping, Office, Traffic, and Industries and is European market leader in  
the field of downtown shopping centers. For decades, ECE has been realizing  
very successfully large group headquarters, office buildings, industrial  
buildings, logistic centers, traffic-related properties, hotels and other  
highly complex building types. ECE provides all real estate-related  
services from one source and thus creates a major benefit for their  
customers, clients and partners by pooling their complete know-how. With  
regard to numerous projects the ECE group acts as investor and keeps the  
projects in the portfolio for decades. Furthermore, two ECE funds  
concentrate on the acquisition of shopping centers with value growth  
potential. ECE is Europe-wide successfully positioned with numerous  
subsidiaries and joint ventures."  
  
"ECE employs specialists with in-depth knowledge of the retail trade and  
all related "disciplines" and pools this wide-ranging expertise under one  
roof. Our full-service concept extends from the original idea right through  
to long-term management. Our credo: a full range of services from a single  
provider who takes overall responsibility as opposed to a "coordinator".  
This expertise is underpinned by several decades of experience in the  
sector as well as the financial strength of the ECE Group and enables us to  
cater to the full range of needs and requirements of our clients."  
  
  
  
*(2) Vulnerability Details:*  
ECE web application has a security bug problem. It can be exploited by XSS  
attacks. This may allow a remote attacker to create a specially crafted  
request that would execute arbitrary script code in a user's browser  
session within the trust relationship between their browser and the server.  
  
Several ECE Projects products 0Day vulnerabilities have been found by some  
other bug hunter researchers before. ECE Projects patched some of them.  
Open Sourced Vulnerability Database (OSVDB) is an independent and  
open-sourced database. The goal of the project is to provide accurate,  
detailed, current, and unbiased technical information on security  
vulnerabilities. The project promotes greater, open collaboration between  
companies and individuals. It has published suggestions, advisories,  
solutions details related to XSS vulnerabilities.  
  
  
*(2.1)* The first code programming flaw occurs atoccurs at "suchergebnis/?"  
page with "&tx_solr[q]" parameter.  
  
  
  
  
  
  
*References:*  
http://www.tetraph.com/security/xss-vulnerability/ece-projects-xss-cross-site-scripting-security-vulnerabilities/  
http://securityrelated.blogspot.com/2015/04/ece-projects-xss-cross-site-scripting.html  
http://www.inzeed.com/kaleidoscope/computer-web-security/ece-projects-xss-cross-site-scripting-security-vulnerabilities/  
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/ece-projects-xss-cross-site-scripting-security-vulnerabilities/  
https://hackertopic.wordpress.com/2015/04/02/ece-projects-xss-cross-site-scripting-security-vulnerabilities/  
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2  
http://packetstormsecurity.com/files/authors/11717  
http://www.osvdb.org/show/osvdb/119707  
  
  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://twitter.com/justqdjing  
  
  
`