Nikira Fraud Management System cross-site scripting

2010.02.12
Credit: thebluegenius
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

--------------------------------------------------------------------
# Exploit Title: Nikira Fraud Management System XSS Vulnerability
# Date: 10 Feb 2010
# Author: thebluegenius
# Software Link: http://www.subexworld.com/fraud-management.html
# Version: All
# Tested on: Unix | Apache 2.2.4
# CVE : NA
---------------------------------------------------
"Nikira Fraud Management System" XSS vulnerability.
---------------------------------------------------
By    : Thebluegenius
Email : rajsm@isac.org.in
Blog  : thebluegenius.com
---------------------------------------------------

Description:

Nikira Fraud Management System is the next-generation fraud management solution built to deliver on a three-step philosophy of Detect-Investigate-Protect. Nikira detects known fraud types and patterns of unusual behaviour, helps investigate these unusual patterns for potential fraud, and uses the knowledge thus generated to upgrade and protect against future intrusions. Presently this product is deployed at over 90% of telecom companies across the world.

The vulnerability lies in the client login page: the `message` query parameter of the login prompt is reflected into the page without output encoding, so a crafted link executes script in the context of the application origin (reflected XSS, CWE-79).

------------------
Vulnerability: XSS
------------------

Proof of concept (reflected XSS via the `message` parameter):

http://IPaddress:port/login/prompt?message=%3Cscript%3Ealert%28%27Reflected%20XSS%27%29%3C/script%3E

-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My good friend
2] Aodrulez : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in
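The defect and its fix, as an added example that is not code from the advisory or from the Nikira product: a hypothetical login-prompt handler that reflects `message` verbatim next to a hardened one that HTML-encodes it, plus a check over constructed Apache access-log lines that flags prompt requests whose decoded `message` value carries markup characters (the hostname, port, log lines and function names are all assumptions).

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request in the shape of the advisory's PoC (host and port are placeholders).
POC_URL = ("http://fms.example.invalid:8080/login/prompt"
           "?message=%3Cscript%3Ealert%28%27Reflected%20XSS%27%29%3C/script%3E")

def message_param(url: str) -> str:
    """Return the URL-decoded 'message' query parameter, or '' if absent."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("message", [""])[0]

def render_login_vulnerable(message: str) -> str:
    """Hypothetical handler with the advisory's defect: the parameter is reflected verbatim."""
    return f"<form action='/login'><p class='msg'>{message}</p></form>"

def render_login_fixed(message: str) -> str:
    """Hardened handler: HTML-encode the untrusted value before it enters element content."""
    return f"<form action='/login'><p class='msg'>{html.escape(message, quote=True)}</p></form>"

# Constructed Apache combined-log lines: one normal prompt, one carrying the PoC, one unrelated path.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Feb/2010:14:02:11 +0530] "GET /login/prompt?message=Session%20expired HTTP/1.1" 200 1432',
    '10.0.0.9 - - [10/Feb/2010:14:03:40 +0530] "GET /login/prompt?message=%3Cscript%3Ealert%28%27Reflected%20XSS%27%29%3C/script%3E HTTP/1.1" 200 1510',
    '10.0.0.5 - - [10/Feb/2010:14:05:01 +0530] "GET /static/logo.png HTTP/1.1" 200 8120',
]
REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/')

def suspicious_prompt_requests(lines):
    """Flag /login/prompt requests whose decoded 'message' carries HTML markup characters."""
    hits = []
    for line in lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        client, target = m.group(1), m.group(2)
        if urlsplit(target).path != "/login/prompt":
            continue
        msg = message_param(target)
        if re.search(r"[<>\"']", msg):  # markup or attribute-breaking characters in a display string
            hits.append((client, msg))
    return hits

if __name__ == "__main__":
    payload = message_param(POC_URL)
    print("vulnerable:", render_login_vulnerable(payload))
    print("fixed:     ", render_login_fixed(payload))
    print("log hits:  ", suspicious_prompt_requests(SAMPLE_LOG))
```

The fixed renderer encodes `<`, `>`, `&`, `"` and `'`, which is sufficient for element content; a value placed into a JavaScript block or an unquoted attribute would need context-specific encoding instead.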

References:

http://xforce.iss.net/xforce/xfdb/56393
http://www.securityfocus.com/bid/38311
http://www.packetstormsecurity.org/1002-exploits/nikara-xss.txt
http://secunia.com/advisories/38564


Copyright 2024, cxsecurity.com