exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SIS-REWE GO 7.5.0/12C Cross Site Scripting

SIS-REWE GO 7.5.0/12C Cross Site Scripting
Posted May 11, 2021
Authored by Florian Lienhart, Steffen Robertz | Site sec-consult.com

SIS-REWE GO version 7.5.0/12C suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2021-31537
SHA-256 | cf57e1ea5b94b158d4041349a0500d013dd5f4797be8de63faf32cf9759b8347

SIS-REWE GO 7.5.0/12C Cross Site Scripting

Change Mirror Download
SEC Consult Vulnerability Lab Security Advisory < 20210511-0 >
=======================================================================
title: Reflected Cross-site Scripting Vulnerabilities
product: SIS Informatik - REWE GO
vulnerable version: 7.5.0/12C
fixed version: 7.7 SP17
CVE number: CVE-2021-31537
impact: Medium
homepage:https://sisinformatik.com/rewe-go/
found: 2021-02-12
by: Steffen Robertz (Office Vienna)
Florian Lienhart (Office Vienna)
SEC Consult Vulnerability Lab

An integrated part of SEC Consult, an Atos company
Europe | Asia | North America

https://www.sec-consult.com

=======================================================================

Vendor description:
-------------------
"SIS Informatik is your specialist for the conception and implementation
of tailor-made accounting, business intelligence and corporate
performance management solutions. In addition to technical competence,
business know-how and the willingness to develop optimal, adaptable
software solutions together with our customers are the central
components that make us a strong partner. We develop solutions based on
high-quality technologies from well-known partners such as IBM, Oracle
and Qlik" (translated from German)

Source:https://sisinformatik.com/unternehmen/


Business recommendation:
------------------------
The vendor provides a patch which should be installed immediately.

SEC Consult recommends to perform a thorough security review of these products
conducted by security professionals to identify and resolve all security
issues.


Vulnerability overview/description:
-----------------------------------
1) Multiple Reflected Cross-site Scripting (XSS) (CVE-2021-31537)
The login website returns unfiltered or unescaped user input. This leads to a
reflected cross-site scripting (XSS) vulnerability.
An attacker can inject arbitrary HTML or JavaScript code into the victim's
web browser. Once the victim clicks on a malicious link, the attacker's code
is executed in the context of the victim's web browser.

Proof of concept:
-----------------
1) Multiple Reflected Cross-site Scripting (XSS) (CVE-2021-31537)
When opening the following URL the supplied JavaScript code will be executed.
/rewe/prod/web/index.php?config=rewe2%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E&version=7.5.0&win=2707&user=test&pwd=test&db=test&continue=false
The affected parameters are: "config", "version", "win","db", "pwd", and
"user".

No valid parameters need to be supplied to trigger the XSS vulnerability as
seen in following URL:
/rewe/prod/web/index.php?abc'-alert(%22document.domain%22)-'abc=1

The following URL is affected as well:
/rewe/prod/web/rewe_go_check.php?config=rewe&version=7.5.0%3cscript%3ealert(1)%3c%2fscript%3e&win=2707
All parameters are affected.


Vulnerable / tested versions:
-----------------------------
The following product/firmware version has been tested:
* SIS-REWE GO 7.5.0/12C


Vendor contact timeline:
------------------------
2021-02-24: Contacting vendor throughoffice@sisworld.com; no reply.
2021-03-11: Contacting vendor again throughoffice@sisworld.com.
2021-03-15: Vendor requests more information. SEC Consult offered to provide.
advisory via encrypted or unencrypted mail.
2021-03-17: Sending advisory via PGP encrypted mail.
2021-03-21: Vendor confirmed the vulnerability and is working on a patch.
2021-04-12: Requested status update.
2021-04-16: Hot fix 7.7 SP16 available in week 16, next release 7.7 SP17 in
week 18.
2021-05-11: Coordinated release of security advisory.


Solution:
---------
Contact the vendor in order to install the security patch for release 7.7
SP16
or upgrade to release 7.7 SP17. More information has been provided to customers
of the vendor in a newsletter.


Workaround:
-----------
None


Advisory URL:
-------------
https://sec-consult.com/vulnerability-lab/


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult, an Atos company
Europe | Asia | North America

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an
Atos company. It ensures the continued knowledge gain of SEC Consult in the
field of network and application security to stay ahead of the attacker. The
SEC Consult Vulnerability Lab supports high-quality penetration testing and
the evaluation of new offensive and defensive technologies for our customers.
Hence our customers obtain the most current information about vulnerabilities
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your applicationhttps://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local officeshttps://sec-consult.com/contact/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com
Web:https://www.sec-consult.com
Blog:http://blog.sec-consult.com
Twitter:https://twitter.com/sec_consult


EOF Steffen Robertz, Florian Lienhart / @2021

Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close