lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 6 Feb 2015 11:36:33 GMT
From: ayman.abdelaziz@...pag.com
To: bugtraq@...urityfocus.com
Subject: BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting
 Vulnerabilities (XSS)

About the Product:
BMC FootPrints Service Core is an IT service and asset management platform used by many organizations to help the IT departments deliver more value to businesses.

Advisory Details:

During a Penetration testing, Help AG auditor (Ayman Abdelaziz) discovered the following:
1) Stored Cross-Site Scripting (XSS) vulnerability in BMC Footprints Service Core 11.5 (MRTicketPage.pl), allows remote attackers to inject arbitrary web script or HTML via the Email Address form field when openning a request ticket.

Proof of Concept:
Inject the following JavaScript <script>alert('XSSed')</script> in the Email address form field in the (MRTicketPage.pl).


2) Reflected Cross-Site Scripting (XSS) vulnerability in BMC Footprints Service Core 11.5 (MRServiceCatalog.pl), allows remote attackers to inject arbitrary web script or HTML via the 'USER' or 'MRP' URL parameters.

Proof of Concept:
Inject the following JavaScript <script>alert('XSSed')</script> in the 'USER' or 'MRP' URL parameters as the following:
http://domain/MRcgi/MRServiceCatalog.pl/CMDB_ID=3&USER=test%3Cscript%3Ealert%28%27XSSed%27%29%3C%2fscript%3E&MRP=0F0JTvCEm&PROJECTID=12&CUSTM=test
or
http://domain/MRcgi/MRServiceCatalog.pl/CMDB_ID=3&USER=test&MRP=0F0JTvCEm%3Cscript%3Ealert%28%27XSSed%27%29%3C%2fscript%3E&PROJECTID=12&CUSTM=test


Solution:

After contacting the vendor (BMC Software, Inc.) about the vulnerability for a solution, they confirmed that it was solved with a software upgrade, the response was the following:

"Changes were made to the application code in version 11.6.03 to avoid this vulnerability, so if you upgrade to 11.6.03 or later you should find that this is no longer a problem"


[1] help AG middle East (http://www.helpag.com/).
[2] BMC Software Inc. (http://www.bmc.com/).
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVEAŽ is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ