https://cxsecurity.com/issue/WLB-2018080094
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-1691
IBM Sterling B2B Integrator cross-site scripting vulnerability






Vulnerability ID | 1226201 | Vulnerability type | Cross-site scripting |
Published | 2018-08-14 | Updated | 2019-10-17 |
CVE ID | CVE-2018-1563 | CNNVD ID | CNNVD-201807-1691 |
Platform | N/A | CVSS score | N/A |
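|Vulnerability source
|Vulnerability details
IBM Sterling B2B Integrator is software from the US company IBM that integrates critical B2B processes, transactions and relationships. It supports secure integration of complex B2B processes across different partner communities.
A cross-site scripting vulnerability exists in IBM Sterling B2B Integrator (Standard Edition). A remote attacker can exploit it to inject arbitrary JavaScript code into the Web UI. The following products and versions are affected: IBM Sterling File Gateway 2.2.0 and IBM Sterling File Gateway 2.2.6.
|Exploit (EXP)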
# Exploit Title: [IBM Sterling B2B Integrator persistent cross-site scripting]
# Exploit Author: [Vikas Khanna] (https://www.linkedin.com/in/leetvikaskhanna/) (https://twitter.com/MR_SHANU_KHANNA)
# Vendor Homepage: [https://www.ibm.com/support/knowledgecenter/en/SS3JSW_5.2.0/com.ibm.help.overview.doc/si_overview.html]
# Version: [IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3] (REQUIRED)
# CVE : [CVE-2018-1513 & CVE-2018-1563]
Vulnerability Details
Vulnerability Name : Persistent Cross Site Scripting
Affected Parameter(s) : fname & lname
Steps to reproduce
Step 1 : Login to the IBM Sterling B2B Integrator.
Step 2 : Navigate to Performance Tuning module, Username will be displayed as below :-
Last Edited By <USERNAME>
Note :- Modify the configuration, for example, and check the Last Edited By - Username. Any user (Admin or Non admin) who has privileges to change the configuration can act like an attacker.
Step 3 : Navigate to My Account and update first name and last name.
Step 4 : Intercept the request using Burp Suite and insert the <Video><source onerror="alert(1)"> payload & <Video><source onerror="alert(2)"> payload in fname and lname parameter.
Step 5 : It has been observed that My account module is not vulnerable to XSS but Performance Tuning tab under Operations -> Performance is vulnerable, as the Performance Tuning tab displays the user's first name and last name separately as "Last Edited By USERNAME".
Step 6 : Now navigate to Performance Tuning module. It is seen that the application is vulnerable to Persistent Cross Site Scripting.
Note : It has been observed that any user who has access to Performance Tuning tab will be vulnerable and the same javascript payload will execute for them as well.
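The write-up above describes one view encoding the stored name while a second view renders the same fields raw. The following added example is not from the original page or from IBM's code; its function names, markup and sample data are hypothetical and constructed. It contrasts the two sinks and includes a regression check that flags any view emitting a stored field unencoded.

```javascript
'use strict';
// Added example: hypothetical renderers and constructed sample data.

// HTML-encode text for element content and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed stored profile: the name fields contain markup characters.
const storedUser = {
  fname: '<u>Pat</u>',
  lname: "O'Brien & <b>Co</b>",
};

// View A (an account page): encodes on output, so stored markup stays inert.
function renderMyAccount(user) {
  return `<input name="fname" value="${escapeHtml(user.fname)}">` +
         `<input name="lname" value="${escapeHtml(user.lname)}">`;
}

// View B, vulnerable form: the same stored fields concatenated raw.
function renderLastEditedByVulnerable(user) {
  return `<td>Last Edited By ${user.fname} ${user.lname}</td>`;
}

// View B, hardened form: each sink encodes, independent of other views.
function renderLastEditedBy(user) {
  return `<td>Last Edited By ${escapeHtml(user.fname)} ${escapeHtml(user.lname)}</td>`;
}

// Regression check: true if a stored field with markup characters
// appears verbatim (unencoded) in the rendered HTML.
function leaksRawMarkup(html, user) {
  return Object.values(user).some((v) => /[<>"']/.test(v) && html.includes(v));
}

console.log(leaksRawMarkup(renderLastEditedByVulnerable(storedUser), storedUser));
console.log(leaksRawMarkup(renderLastEditedBy(storedUser), storedUser));
```

Running the check against every view that displays user-controlled profile fields catches the case where only some views encode.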
|References
Source: www.ibm.com
Link: http://www.ibm.com/support/docview.wss?uid=ibm10717031
Source: exchange.xforce.ibmcloud.com
Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/142967