*ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities*


Exploit Title: ECE Projects XSS (Cross-site Scripting) Security
Vulnerabilities
Vendor: ECE Projektmanagement G.m.b.H. & Co. KG (ECE)
Product: ECE Projects
Vulnerable Versions:
Tested Version:
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University
(NTU), Singapore]




*Suggestion Details:*


*(1) Vendor & Product Description:*


*Vendor:*
ECE Projektmanagement G.m.b.H. & Co. KG (ECE)


*Product & Version:*
All Projects - Shopping & Office, Traffic, Industries, Hotel, Residential


*Vendor URL & download:*
ECE Projects can be obtained from here,
http://www.ece.com/en/projects/all-projects/


*Google Dork:*
ECE Projektmanagement GmbH & Co. KG


*Product Introduction Overview:*
"ECE develops, builds, and manages large commercial properties in the
business areas Shopping, Office, Traffic, and Industries. It was founded in
1965 by mail-order pioneer Prof. Werner Otto (1909-2011) and is owned by
the Otto family. Since 2000, the company founder's son, Alexander Otto, has
been heading the company. Hamburg-based ECE has been developing, building,
leasing out, and managing large commercial properties in the business areas
Shopping, Office, Traffic, and Industries and is European market leader in
the field of downtown shopping centers. For decades, ECE has been realizing
very successfully large group headquarters, office buildings, industrial
buildings, logistic centers, traffic-related properties, hotels and other
highly complex building types. ECE provides all real estate-related
services from one source and thus creates a major benefit for their
customers, clients and partners by pooling their complete know-how. With
regard to numerous projects the ECE group acts as investor and keeps the
projects in the portfolio for decades. Furthermore, two ECE funds
concentrate on the acquisition of shopping centers with value growth
potential. ECE is Europe-wide successfully positioned with numerous
subsidiaries and joint ventures."

"ECE employs specialists with in-depth knowledge of the retail trade and
all related "disciplines" and pools this wide-ranging expertise under one
roof. Our full-service concept extends from the original idea right through
to long-term management. Our credo: a full range of services from a single
provider who takes overall responsibility as opposed to a "coordinator".
This expertise is underpinned by several decades of experience in the
sector as well as the financial strength of the ECE Group and enables us to
cater to the full range of needs and requirements of our clients."



*(2) Vulnerability Details:*
ECE web application has a security bug problem. It can be exploited by XSS
attacks. This may allow a remote attacker to create a specially crafted
request that would execute arbitrary script code in a user's browser
session within the trust relationship between their browser and the server.

Several ECE Projects products 0Day vulnerabilities have been found by some
other bug hunter researchers before. ECE Projects patched some of them.
Open Sourced Vulnerability Database (OSVDB) is an independent and
open-sourced database. The goal of the project is to provide accurate,
detailed, current, and unbiased technical information on security
vulnerabilities. The project promotes greater, open collaboration between
companies and individuals. It has published suggestions, advisories,
solutions details related to XSS vulnerabilities.


*(2.1)* The first code programming flaw occurs atoccurs at "suchergebnis/?"
page with "&tx_solr[q]" parameter.






*References:*
http://www.tetraph.com/security/xss-vulnerability/ece-projects-xss-cross-site-scripting-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/04/ece-projects-xss-cross-site-scripting.html
http://www.inzeed.com/kaleidoscope/computer-web-security/ece-projects-xss-cross-site-scripting-security-vulnerabilities/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/ece-projects-xss-cross-site-scripting-security-vulnerabilities/
https://hackertopic.wordpress.com/2015/04/02/ece-projects-xss-cross-site-scripting-security-vulnerabilities/
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://packetstormsecurity.com/files/authors/11717
http://www.osvdb.org/show/osvdb/119707




--
Wang Jing,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/justqdjing