lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAMryJ3=eZmHon=73Q5WeYpqUMs4wuHB7XeDErnmmQYqM6Ea9iQ@mail.gmail.com>
Date: Fri, 29 Jun 2012 02:13:46 +0500
From: Rewterz - Research Group <advisories@...terz.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq@...urityfocus.com
Subject: REWTERZ-20120629 - TEMENOS T24 Cross-Site
	Scripting (XSS) Vulnerability

Rewterz Security Research Group Advisory

========================================================
I. Overview
========================================================

A Cross-Site Scripting (XSS) vulnerability has been identified in
TEMENOS T24 Core Banking Solution System. This vulnerability allows
an attacker to gain control over valid user accounts, perform operations
on their behalf, redirect them to malicious sites, steal their credentials,
and more.

========================================================
II. Severity
========================================================

Rating: High
Remote: Yes

========================================================
III. Vendor's Description of Application
========================================================

TEMENOS T24 is the most technically advanced banking system
available today. It pairs the most comprehensive and most powerfully
flexible business functionality with the most advanced and scalable
architecture. This gives it unprecedented power and opportunity to meet
the challenges of today and the opportunities of tomorrow.

T24 is built on open architecture, offers low cost of ownership and uses
established standards such as HTTP, XML and J2EE. The design of T24
offers multiple application server support offering horizontal scalability
and supporting huge numbers of users with true non-stop resilience.

http://www.temenos.com/en/t24/

========================================================
IV. Vulnerability Details
========================================================

Input passed via the following GET parameters:

* windowName
* user
* skin
* routineName
* routineArgs
* compScreen
* compId

on following pages:

* /jsps/genrequest.jsp
* /jsps/enqrequest.jsp

are not properly sanitized before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's browser
session in context of affected web application.

========================================================
V. Exploit
========================================================

Sample exploitation of this vulnerability would be crafting the following
request:

GET /jsps/genrequest.jsp?&routineName=OS.NEW.USER&
routineArgs=BANNER"/><STYLE>@import"javascript:alert
('XSS%20Dangerous')";</STYLE> HTTP/1.1

========================================================
VI. Affected Systems
========================================================

TEMENOS T24 (Core Banking) version 7

Note: Other versions may also be affected.

========================================================
VII. Vendor Response/Solution
========================================================

No vendor response.

========================================================
VIII. Credits
========================================================

Discovered by Rehan Ahmed, Rewterz.

========================================================
XI. About Rewterz
========================================================

Rewterz is a boutique Information Security company, committed to
consistently providing world class professional security services. Our
strategy revolves around the need to provide round-the-clock quality
information security services and solutions to our customers. We maintain
this standard through our highly skilled and professional team, and
custom-designed, customer-centric services and products.

http://www.rewterz.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ