[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS)
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS)
- From: ayman.abdelaziz@xxxxxxxxxx
- Date: Fri, 6 Feb 2015 11:36:33 GMT
About the Product:
BMC FootPrints Service Core is an IT service and asset management platform used
by many organizations to help the IT departments deliver more value to
businesses.
Advisory Details:
During a Penetration testing, Help AG auditor (Ayman Abdelaziz) discovered the
following:
1) Stored Cross-Site Scripting (XSS) vulnerability in BMC Footprints Service
Core 11.5 (MRTicketPage.pl), allows remote attackers to inject arbitrary web
script or HTML via the Email Address form field when openning a request ticket.
Proof of Concept:
Inject the following JavaScript <script>alert('XSSed')</script> in the Email
address form field in the (MRTicketPage.pl).
2) Reflected Cross-Site Scripting (XSS) vulnerability in BMC Footprints Service
Core 11.5 (MRServiceCatalog.pl), allows remote attackers to inject arbitrary
web script or HTML via the 'USER' or 'MRP' URL parameters.
Proof of Concept:
Inject the following JavaScript <script>alert('XSSed')</script> in the 'USER'
or 'MRP' URL parameters as the following:
http://domain/MRcgi/MRServiceCatalog.pl/CMDB_ID=3&USER=test%3Cscript%3Ealert%28%27XSSed%27%29%3C%2fscript%3E&MRP=0F0JTvCEm&PROJECTID=12&CUSTM=test
or
http://domain/MRcgi/MRServiceCatalog.pl/CMDB_ID=3&USER=test&MRP=0F0JTvCEm%3Cscript%3Ealert%28%27XSSed%27%29%3C%2fscript%3E&PROJECTID=12&CUSTM=test
Solution:
After contacting the vendor (BMC Software, Inc.) about the vulnerability for a
solution, they confirmed that it was solved with a software upgrade, the
response was the following:
"Changes were made to the application code in version 11.6.03 to avoid this
vulnerability, so if you upgrade to 11.6.03 or later you should find that this
is no longer a problem"
[1] help AG middle East (http://www.helpag.com/).
[2] BMC Software Inc. (http://www.bmc.com/).
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ -
international in scope and free for public use, CVEA® is a dictionary of
publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to
developers and security practitioners, CWE is a formal list of software
weakness types.