AOH :: HP Unsorted M :: VA1790.HTM

Metrica Service Assurance Multiple Cross Site Scripting



Metrica Service Assurance Multiple Cross Site Scripting
Metrica Service Assurance Multiple Cross Site Scripting



Metrica Service Assurance Multiple Cross Site Scripting

***********************************************************************

Author: Francesco Bianchino

Email: f.bianchino@gmail.com 

Title: Metrica Service Assurance Multiple Cross Site Scripting

Vendor: IBM

***********************************************************************

Summary

Metrica Service Assurance Framework implements a distributed,
object-oriented, J2EE-based architecture. It work with a Web-based
user interfaces, from end-user report generation to detailed system
administration and configuration.

***********************************************************************

Vulnerability Detail

The web-based interface of Metrica Service Assurance is exposed to
multiple XSS attack. With an authenticated user it's possible to steal
other user's sessions due to a flaw in the input validation
mechanisms.
A persistant XSS permits the insertion of malicious code into the
web-based interface. Using the report generation function it is
possible to create a report with malicious code in the name.
That code is than rendered on the victim's browser when opening the
report history which can be found in the main panel of the
application.
The code also persists into the main panel and all the users are
exposed to the attack.

There are at least three vulnerable pages:

      Non persistant:
* http://server/ root>/ReportTree 
* http://server/ root>/Launch 

      Persistant:
* http://server/ root>/ReportRequest 

***********************************************************************

Exploit

http://server/ 
root>/ReportTree?action=generatedreportresults&elementid=">

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.