IBM Sterling B2B Integrator 跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1227707 漏洞类型 跨站脚本
发布时间 2018-08-13 更新时间 2019-10-17
CVE编号 CVE-2018-1513 CNNVD-ID CNNVD-201807-1768
漏洞平台 Multiple CVSS评分 N/A
IBM Sterling B2B Integrator(标准版)5.2.0版本至5.2.6版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞在Web UI中注入任意的JavaScript代码。
# Exploit Title: [IBM Sterling B2B Integrator persistent cross-site scripting]
# Exploit Author: [Vikas Khanna] ( (
# Vendor Homepage: []
# Version: [IBM Sterling B2B Integrator -] (REQUIRED)
# CVE : [CVE-2018-1513 & CVE-2018-1563]

Vulnerability Details
Vulnerability Name : Persistent Cross Site Scripting 
Affected Parameter(s) : fname & lname

Steps to reproduce
Step 1 : Login to the IBM Sterling B2B Integrator.

Step 2 : Navigate to Performance Tuning module, Username will be displayed as below :- 
				Last Edited By <USERNAME>
	Note :- Modify the configuration for example and check the Last Edited By - Username. Any user (Admin or Non admin) who have privileges to change the configuration can act like an attacker. 

Step 3 : Navigate to My Account and update first name and last name.

Step 4: Intercept the request using burp suite and insert the <Video><source onerror=”alert(1)”> payload & <Video><source onerror=”alert(2)”> payload in fname and lname parameter.

Step 5 : It has been observed that My account module is not vulnerable to XSS but Performance Tuning tab under Operations -> Performance is vulnerable, as the Performance Tuning tab displays the user’s first name and last name separately as “Last Edited By USERNAME”.

Step 6 : Now navigate to Performance Tuning module. It is seen that the application is vulnerable to Persistent Cross Site Scripting.

Note : It has been observed that any user who has access to Performance Tuning tab will be vulnerable and the same javascript payload will execute for them as well.