Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC

Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95

Affected Product: BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95

Timeline:
07 June 2013 - Vulnerability found
12 June 2013 - Vendor informed
17 June 2013 - Vendor replied/confirmed & opened service ticket

Credits: Nuri Fattah of NATO / NCIRC (www.ncirc.nato.int)

CVE: To be assigned
NCIRC ID: NCIRC-2013127-02

Description:
Multiple vulnerabilities, including Cross-Site Scripting (XSS) and SQL injection, were identified in the latest version of BMC SERVICE DESK EXPRESS

Vulnerability Details:

1. SQL injection
   a. /SDE/DashBoardGUI.aspx vuln parameter: [ASPSESSIONIDASSRATTQ cookie]
   b. /SDE/DashBoardGUI.aspx vuln parameter: [TABLE_WIDGET_1 cookie]
   c. /SDE/DashBoardGUI.aspx vuln parameter: [TABLE_WIDGET_2 cookie]
   d. SDE/DashBoardGUI.aspx vuln parameter: [browserDateTimeInfo cookie]
   e. /SDE/DashBoardGUI.aspx vuln parameter: [browserNumberInfo cookie]
   f. /SDE/login.aspx vuln parameter: [UID]

2. Reflected XSS
   a. /SDE/QV_admin.aspx vuln parameter: [SelTab]
   b. /SDE/QV_grid.aspx vuln parameter: [CallBack]
   c. /SDE/commonhelp.aspx vuln parameter: [HelpPage]

   example:
   GET /SDE/QV_grid.aspx?QuerySeq=1068&CondVal=1%40V1%40ADMINISTRATION%401&CallBack=parent.parent.frames.TmInputs.callBack(doGridDataCallBack.arguments[0]);</script><script>alert(99817)</script>&ViewType=g&bRefresh= HTTP/1.1

Solution:
No Solution has yet been provided. Please contact the vendor.
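
Added example (not part of the original advisory, and not vendor or NCIRC code): a Python check that flags logged requests in which one of the three reflected-XSS parameters listed above carries angle brackets, including double-encoded ones. The request-line input format, the sample lines and the rule that legitimate values never contain angle brackets are assumptions.

```python
from urllib.parse import unquote_plus

# Reflected-XSS pages and parameters from the advisory (matched case-insensitively).
WATCHED = {
    "/sde/qv_admin.aspx": "seltab",
    "/sde/qv_grid.aspx": "callback",
    "/sde/commonhelp.aspx": "helppage",
}
MARKUP = set("<>")  # assumption: legitimate values never contain angle brackets


def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded markup (%253C) is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request_line(line):
    """Return (path, param, decoded value) when a watched parameter carries markup, else None."""
    _method, _, rest = line.strip().partition(" ")
    target = rest.rpartition(" ")[0] or rest  # drop the HTTP version, tolerate raw spaces
    path, _, query = target.partition("?")
    param = WATCHED.get(path.lower())
    if param is None:
        return None
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if decode(name).lower() == param and MARKUP & set(decode(raw)):
            return (path, name, decode(raw))
    return None


# Constructed request lines (the second is modelled on the advisory's example request).
SAMPLE = [
    "GET /SDE/QV_grid.aspx?QuerySeq=1068&CallBack=parent.frames.TmInputs.callBack(a[0]);&ViewType=g HTTP/1.1",
    "GET /SDE/QV_grid.aspx?QuerySeq=1068&CallBack=x%3C/script%3E%3Cscript%3Ealert(99817)%3C/script%3E HTTP/1.1",
    "GET /SDE/commonhelp.aspx?HelpPage=%253Cb%253E HTTP/1.1",  # double-encoded <b>
    "GET /SDE/login.aspx?UID=admin HTTP/1.1",  # not one of the watched XSS pages
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(check_request_line(line))
```

The check covers only the query-string parameters of section 2; the cookie-borne SQL injection points in section 1 are not visible in a request line and need cookie logging to review.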