[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability
From:       Rewterz - Research Group <advisories () rewterz ! com>
Date:       2012-06-28 21:13:46
Message-ID: CAMryJ3=eZmHon=73Q5WeYpqUMs4wuHB7XeDErnmmQYqM6Ea9iQ () mail ! gmail ! com
[Download RAW message or body]

Rewterz Security Research Group Advisory

========================================================
I. Overview
========================================================

A Cross-Site Scripting (XSS) vulnerability has been identified in
TEMENOS T24 Core Banking Solution System. This vulnerability allows
an attacker to gain control over valid user accounts, perform operations
on their behalf, redirect them to malicious sites, steal their credentials,
and more.

========================================================
II. Severity
========================================================

Rating: High
Remote: Yes

========================================================
III. Vendor's Description of Application
========================================================

TEMENOS T24 is the most technically advanced banking system
available today. It pairs the most comprehensive and most powerfully
flexible business functionality with the most advanced and scalable
architecture. This gives it unprecedented power and opportunity to meet
the challenges of today and the opportunities of tomorrow.

T24 is built on open architecture, offers low cost of ownership and uses
established standards such as HTTP, XML and J2EE. The design of T24
offers multiple application server support offering horizontal scalability
and supporting huge numbers of users with true non-stop resilience.

http://www.temenos.com/en/t24/

========================================================
IV. Vulnerability Details
========================================================

Input passed via the following GET parameters:

* windowName
* user
* skin
* routineName
* routineArgs
* compScreen
* compId

on following pages:

* /jsps/genrequest.jsp
* /jsps/enqrequest.jsp

are not properly sanitized before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's browser
session in context of affected web application.

========================================================
V. Exploit
========================================================

Sample exploitation of this vulnerability would be crafting the following
request:

GET /jsps/genrequest.jsp?&routineName=OS.NEW.USER&
routineArgs=BANNER"/><STYLE>@import"javascript:alert
('XSS%20Dangerous')";</STYLE> HTTP/1.1

========================================================
VI. Affected Systems
========================================================

TEMENOS T24 (Core Banking) version 7

Note: Other versions may also be affected.

========================================================
VII. Vendor Response/Solution
========================================================

No vendor response.

========================================================
VIII. Credits
========================================================

Discovered by Rehan Ahmed, Rewterz.

========================================================
XI. About Rewterz
========================================================

Rewterz is a boutique Information Security company, committed to
consistently providing world class professional security services. Our
strategy revolves around the need to provide round-the-clock quality
information security services and solutions to our customers. We maintain
this standard through our highly skilled and professional team, and
custom-designed, customer-centric services and products.

http://www.rewterz.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic